NotCVE - vendor:"Microfocus"

Page 38 of 221 results (0.004 seconds)

CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2017-5187

https://notcve.org/view.php?id=CVE-2017-5187

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. Una vulnerabilidad de tipo Cross-Site Request Forgery (CWE-352) en Directory Server (también llamado Enterprise Server Administration web UI) en Micro Focus Enterprise Developer y Enterprise Server 2.3 y anteriores, 2.3 Update 1 en versiones anteriores a Hotfix 8, y 2.3 Update 2 en versiones anteriores a Hotfix 9 permite que atacantes remotos sin autenticar vean y alteren (CWE-275) la información de configuración e inyecten comandos del sistema operativo (CWE-78) mediante peticiones falsificadas. • https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

CVE-2017-7422

https://notcve.org/view.php?id=CVE-2017-7422

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default. Las vulnerabilidades de cross-Site Scripting (XSS) reflejado y stored en esfadmingui en Micro Focus Enterprise Developer y Enterprise Server 2.3, 2.3 Update 1 en versiones anteriores a Hotfix 8, y 2.3 Update 2 en versiones anteriores a Hotfix 9 permiten que atacantes remotos autenticados omitan los mecanismos de protección (CWE-693) y otras características de seguridad si este componente está configurado. Nótese que esfadmingui no está habilitado por defecto. • https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0

CVE-2017-7421

https://notcve.org/view.php?id=CVE-2017-7421

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features. Las vulnerabilidades de cross-Site Scripting (XSS) reflejado y stored en Directory Server (también llamado Enterprise Server Administration web UI) y ESMAC (también llamado Enterprise Server Monitor and Control) en Micro Focus Enterprise Developer y Enterprise Server 2.3 y anteriores, 2.3 Update 1 en versiones anteriores a Hotfix 8, y 2.3 Update 2 en versiones anteriores a Hotfix 9 permiten que atacantes remotos autenticados omitan los mecanismos de protección (CWE-693) y otras características de seguridad. • https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0

CVE-2017-8993

https://notcve.org/view.php?id=CVE-2017-8993

A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found. IBM Maximo Asset Management versiones 7.5 y 7.6 podría permitir que un atacante remoto incluya archivos arbitrarios y, como consecuencia, ejecute código en el servidor Web vulnerable. IBM X-Force ID: 129106. • http://www.securityfocus.com/bid/100087 http://www.securitytracker.com/id/1039065 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03766en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2017-5184

https://notcve.org/view.php?id=CVE-2017-5184

A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow leakage of information (account enumeration). Se descubrió una vulnerabilidad en NetIQ Sentinel Server 8.0 en versiones anteriores a 8.0.1 que pueden permitir la fuga de información (enumeración de cuentas). • http://www.securityfocus.com/bid/97262 https://www.netiq.com/support/kb/doc.php?id=7018753 https://www.tenable.com/security/research/tra-2017-15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

1...36 37 38 39 40