CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2021-22531
https://notcve.org/view.php?id=CVE-2021-22531
12 May 2022 — A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0 Se presenta un bug en el parámetro input de Access Manager que permite a el suministro de caracteres no válidos desencadenar una vulnerabilidad de tipo cross-site scripting. Esto afecta a NetIQ Access Manager versiones 4.5 y 5.0 • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26326 – Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2
https://notcve.org/view.php?id=CVE-2022-26326
02 May 2022 — Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2 Una potencial vulnerabilidad de redireccionamiento abierto cuando la URL está diseñada en un formato específico en NetIQ Access Manager versiones anteriores a 5.0.2 • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26325 – Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2
https://notcve.org/view.php?id=CVE-2022-26325
02 May 2022 — Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2 Una vulnerabilidad de tipo Cross Site Scripting (XSS) Reflejado en NetIQ Access Manager versiones anteriores a 5.0.2 • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 2EXPL: 0CVE-2021-38125
https://notcve.org/view.php?id=CVE-2021-38125
11 Apr 2022 — Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution. Una Ejecución de código remoto no autenticado en Micro Focus Operations Bridge en contenedor, afectando a versiones 2021.05, 2021.08 y versiones más recientes de Micro Focus Operations Bri... • https://portal.microfocus.com/s/article/KM000005303?language=en_US •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38130 – Voltage SecureMail Server Business Logic Bypass
https://notcve.org/view.php?id=CVE-2021-38130
04 Feb 2022 — A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack. Se ha identificado una posible vulnerabilidad de filtrado de información en las versiones de Micro Focus Voltage SecureMail Mail Relay anteriores a 7.3.0.1. La vulnerabilidad podría ser explotada para crear un ataque de filtrado de información Voltage SecureMail Server versions prior to 7.3.0... • https://packetstorm.news/files/id/165876 •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38129
https://notcve.org/view.php?id=CVE-2021-38129
25 Jan 2022 — Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent. Una vulnerabilidad de escalada de privilegios en Micro Focus en Micro Focus Operations Agent, afectando a versiones 12.x hasta 12.21 incluyéndola. La vulnerabilidad podría ser aprovechada por un usuario local no privilegiado para acceder a lo... • https://portal.microfocus.com/s/article/KM000003539?language=en_US •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38127
https://notcve.org/view.php?id=CVE-2021-38127
14 Jan 2022 — Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). Se han identificado posibles vulnerabilidades en Micro Focus ArcSight Enterprise Security Manager, afectando las versiones 7.4.x y 7.5.x. Las vulnerabilidades podrían ser explotadas de forma remota resultando en ataques de tipo Cross-Site Scripting (XSS) • https://portal.microfocus.com/s/article/KM000003453?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2021-38126
https://notcve.org/view.php?id=CVE-2021-38126
14 Jan 2022 — Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). Se han identificado posibles vulnerabilidades en Micro Focus ArcSight Enterprise Security Manager, afectando las versiones 7.4.x y 7.5.x. Las vulnerabilidades podrían ser explotadas de forma remota resultando en ataques de tipo Cross-Site Scripting (XSS) • https://portal.microfocus.com/s/article/KM000003453?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-38124
https://notcve.org/view.php?id=CVE-2021-38124
28 Sep 2021 — Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution. Una vulnerabilidad de ejecución de código remota en el producto Micro Focus ArcSight Enterprise Security Manager (ESM), que afecta a las versiones 7.0.2 hasta 7.5. La vulnerabilidad podría ser explotada resultando en una ejecución de código remota • https://portal.microfocus.com/s/article/KM000001960 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22535
https://notcve.org/view.php?id=CVE-2021-22535
28 Sep 2021 — Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure. Una vulnerabilidad de divulgación de seguridad de información no autorizada en el producto Micro Focus Directory and Resource Administrator (DRA), que afecta a todas las versiones de DRA anteriores a 10.1 Parche 1. La vulnerabilidad podría conllevar a una divulgación... • https://support.microfocus.com/kb/doc.php?id=7025273 • CWE-863: Incorrect Authorization •