CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2021-22517
https://notcve.org/view.php?id=CVE-2021-22517
A potential unauthorized privilege escalation vulnerability has been identified in Micro Focus Data Protector. The vulnerability affects versions 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 and 10.91. A privileged user may potentially misuse this feature and thus allow unintended and unauthorized access of data. Se ha identificado una posible vulnerabilidad de escalada de privilegios no autorizada en Micro Focus Data Protector. La vulnerabilidad afecta las versiones 10.10, 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.0 y 10.91. • https://portal.microfocus.com/s/article/KM000001460 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22521
https://notcve.org/view.php?id=CVE-2021-22521
A privileged escalation vulnerability has been identified in Micro Focus ZENworks Configuration Management, affecting version 2020 Update 1 and all prior versions. The vulnerability could be exploited to gain unauthorized system privileges. Se ha identificado una vulnerabilidad de escalada de privilegios en Micro Focus ZENworks Configuration Management, afectando la versión 2020 Update 1 y a todas las versiones anteriores. La vulnerabilidad podría ser explotada para alcanzar privilegios del sistema no autorizados • https://support.microfocus.com/kb/doc.php?id=7025205 • CWE-863: Incorrect Authorization •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22523
https://notcve.org/view.php?id=CVE-2021-22523
XML External Entity vulnerability in Micro Focus Verastream Host Integrator, affecting version 7.8 Update 1 and earlier versions. The vulnerability could allow the control of web browser and hijacking user sessions. Una vulnerabilidad detipo XML External Entity en Micro Focus Verastream Host Integrator, que afecta a versión 7.8 Update 1 y versiones anteriores. La vulnerabilidad podría permitir el control del navegador web y el secuestro de las sesiones de usuarios • https://support.microfocus.com/kb/doc.php?id=7025169 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22522
https://notcve.org/view.php?id=CVE-2021-22522
Reflected Cross-Site Scripting vulnerability in Micro Focus Verastream Host Integrator, affecting version version 7.8 Update 1 and earlier versions. The vulnerability could allow disclosure of confidential data. Una vulnerabilidad de tipo Cross-Site Scripting Reflejado en Micro Focus Verastream Host Integrator, que afecta a versión 7.8 Update 1 y versiones anteriores. La vulnerabilidad podría permitir una divulgación de datos confidenciales • https://support.microfocus.com/kb/doc.php?id=7025169 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-22515 – Multi-Factor Authentication (MFA) downgrade exposure in NetIQ Advanced Authentication Server
https://notcve.org/view.php?id=CVE-2021-22515
Multi-Factor Authentication (MFA) functionality can be bypassed, allowing the use of single factor authentication in NetIQ Advanced Authentication versions prior to 6.3 SP4 Patch 1. Una funcionalidad de Autenticación Multifactor (MFA) puede ser omitida, permitiendo el uso de la autenticación de un solo factor en NetIQ Advanced Authentication versiones anteriores a 6.3 SP4 Parche 1 • https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6341/data/advanced-authentication-releasenotes-6341.html • CWE-863: Incorrect Authorization •