CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32261 – Dimensions CM Plugin for Jenkins 0.8.17 – 0.9.3
https://notcve.org/view.php?id=CVE-2023-32261
19 Jul 2023 — A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: * https://www.jenkins.io/security/advisory/2023-06-14/ https://www.jenkins.io/security/advisory/2023-06-14/ A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allo... • https://plugins.jenkins.io/dimensionsscm • CWE-863: Incorrect Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24469
https://notcve.org/view.php?id=CVE-2023-24469
13 Jun 2023 — Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0 • https://portal.microfocus.com/s/article/KM000018224?language=en_US%2C • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24470
https://notcve.org/view.php?id=CVE-2023-24470
13 Jun 2023 — Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0. • https://portal.microfocus.com/s/article/KM000018224?language=en_US • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-38757 – CVE-2022-38757 ZENworks
https://notcve.org/view.php?id=CVE-2022-38757
23 Dec 2022 — A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the admini... • https://kmviewer.saas.microfocus.com/#/PH_206719 • CWE-269: Improper Privilege Management •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38756 – CVE-2022-38756 vulnerability in GW Web prior to 18.4.2
https://notcve.org/view.php?id=CVE-2022-38756
16 Dec 2022 — A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies. Se ha identificado una vulnerabilidad en Micro Focus GroupWise Web en versiones anteriores a la 18.4.2. El componente web de GW realiza una solicitud al Agente de la oficina postal que contiene información confidencial en los parámetros de co... • https://packetstorm.news/files/id/170768 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38754 – CVE-2022-38754 - Micro Focus Operations Bridge Manager and OpsBridge Containerized - Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-38754
08 Dec 2022 — A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malici... • https://marketplace.microfocus.com/itom/content/operations-bridge-manager-obm-2022-05-hotfixes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38753
https://notcve.org/view.php?id=CVE-2022-38753
28 Nov 2022 — This update resolves a multi-factor authentication bypass attack Esta actualización resuelve un ataque de omisión de autenticación multifactor • https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-641/data/advanced-authentication-releasenotes-641.html#t4g4mvd1yivo •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-38755 – Filr Remote unauthenticated user enumeration for versions prior to 4.3.1.1
https://notcve.org/view.php?id=CVE-2022-38755
21 Nov 2022 — A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1. Se ha identificado una vulnerabilidad en Micro Focus Filr en versiones anteriores a la 4.3.1.1. • https://portal.microfocus.com/s/article/KM000011886?language=en_US •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26331 – Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Self Cross-Site Scripting (XSS).
https://notcve.org/view.php?id=CVE-2022-26331
31 Aug 2022 — Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. Se han identificado posibles vulnerabilidades en Micro Focus ArcSight Logger. Las vulnerabilidades podrían ser explotadas de forma remota dando lugar a una Divulgación de Información, o ataques de tipo Cross-Sit... • https://portal.microfocus.com/s/article/KM000010167?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26330 – Potential vulnerability has been identified in Micro Focus ArcSight Logger. The vulnerability could be remotely exploited resulting in Information Disclosure.
https://notcve.org/view.php?id=CVE-2022-26330
31 Aug 2022 — Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. Se han identificado posibles vulnerabilidades en Micro Focus ArcSight Logger. Las vulnerabilidades podrían explotarse de forma remota, resultando en una Divulgación de Información o ataques de tipo Cross-Site Sc... • https://portal.microfocus.com/s/article/KM000010167?language=en_US •