CVE-2021-38127
https://notcve.org/view.php?id=CVE-2021-38127
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). Se han identificado posibles vulnerabilidades en Micro Focus ArcSight Enterprise Security Manager, afectando las versiones 7.4.x y 7.5.x. Las vulnerabilidades podrían ser explotadas de forma remota resultando en ataques de tipo Cross-Site Scripting (XSS) • https://portal.microfocus.com/s/article/KM000003453?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-38126
https://notcve.org/view.php?id=CVE-2021-38126
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). Se han identificado posibles vulnerabilidades en Micro Focus ArcSight Enterprise Security Manager, afectando las versiones 7.4.x y 7.5.x. Las vulnerabilidades podrían ser explotadas de forma remota resultando en ataques de tipo Cross-Site Scripting (XSS) • https://portal.microfocus.com/s/article/KM000003453?language=en_US • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-38124
https://notcve.org/view.php?id=CVE-2021-38124
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution. Una vulnerabilidad de ejecución de código remota en el producto Micro Focus ArcSight Enterprise Security Manager (ESM), que afecta a las versiones 7.0.2 hasta 7.5. La vulnerabilidad podría ser explotada resultando en una ejecución de código remota • https://portal.microfocus.com/s/article/KM000001960 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2021-22535
https://notcve.org/view.php?id=CVE-2021-22535
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure. Una vulnerabilidad de divulgación de seguridad de información no autorizada en el producto Micro Focus Directory and Resource Administrator (DRA), que afecta a todas las versiones de DRA anteriores a 10.1 Parche 1. La vulnerabilidad podría conllevar a una divulgación no autorizada de información • https://support.microfocus.com/kb/doc.php?id=7025273 • CWE-863: Incorrect Authorization •
CVE-2021-22526 – Open Redirection vulnerability in NetIQ Access Manager versions prior to version 4.5.4 and 5.0.1
https://notcve.org/view.php?id=CVE-2021-22526
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 Una vulnerabilidad de Redirección Abierta en NetIQ Access Manager versiones anteriores a 5.0.1 y 4.5.4 • https://support.microfocus.com/kb/doc.php?id=7025257 https://www.microfocus.com/documentation/access-manager/5.0/accessmanager501-release-notes/accessmanager501-release-notes.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •