CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22507
https://notcve.org/view.php?id=CVE-2021-22507
08 Apr 2021 — Authentication bypass vulnerability in Micro Focus Operations Bridge Manager affects versions 2019.05, 2019.11, 2020.05 and 2020.10. The vulnerability could allow remote attackers to bypass user authentication and get unauthorized access. Una vulnerabilidad de omisión de autenticación en Micro Focus Operations Bridge Manager afecta a las versiones 2019.05, 2019.11, 2020.05 y 2020.10. La vulnerabilidad podría permitir a atacantes remotos omitir la autenticación de usuarios y obtener acceso no autorizado • https://softwaresupport.softwaregrp.com/doc/KM03793283 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25840
https://notcve.org/view.php?id=CVE-2020-25840
26 Mar 2021 — Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. Una vulnerabilidad de tipo Cross-Site scripting en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0. La vulnerabilidad podría causar una destrucción de la configuración. • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 37%CPEs: 1EXPL: 0CVE-2021-22506 – Micro Focus Access Manager Information Leakage Vulnerability
https://notcve.org/view.php?id=CVE-2021-22506
26 Mar 2021 — Advance configuration exposing Information Leakage vulnerability in Micro Focus Access Manager product, affects all versions prior to version 5.0. The vulnerability could cause information leakage. Una configuración avanzada que expone una vulnerabilidad de Filtrado de Información en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0. La vulnerabilidad podría causar un filtrado de información. Micro Focus Access Manager contains an information leakage vulnerability res... • https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22496
https://notcve.org/view.php?id=CVE-2021-22496
25 Mar 2021 — Authentication Bypass Vulnerability in Micro Focus Access Manager Product, affects all version prior to version 4.5.3.3. The vulnerability could cause information leakage. Una vulnerabilidad de Omisión de Autenticación en Micro Focus Access Manager Product afecta a todas las versiones anteriores a 4.5.3.3. La vulnerabilidad podría causar una filtración de información • https://www.netiq.com/documentation/access-manager-45-appliance/accessmanager453-p3-release-notes/data/accessmanager453-p3-release-notes.html • CWE-287: Improper Authentication •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18943 – XML External Entity processing
https://notcve.org/view.php?id=CVE-2019-18943
26 Feb 2021 — Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations. Micro Focus Solutions Business Manager versiones anteriores a 11.7.1, son vulnerables a un ataque de tipo XML External Entity Processing (XXE) en determinadas operaciones • http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18942 – Stored cross site scripting
https://notcve.org/view.php?id=CVE-2019-18942
26 Feb 2021 — Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding. Micro Focus Solutions Business Manager versiones anteriores a 11.7.1, son vulnerables a un ataque de tipo XSS almacenado. La aplicación refleja la entrada del usuario almacenada previamente sin codificación • http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18944
https://notcve.org/view.php?id=CVE-2019-18944
26 Feb 2021 — Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. Micro Focus Solutions Business Manager Application Repository versiones anteriores a 11.7.1, son vulnerables a un ataque de tipo XSS reflejado • http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18945 – privilege escalation
https://notcve.org/view.php?id=CVE-2019-18945
26 Feb 2021 — Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability. Micro Focus Solutions Business Manager Application Repository versiones anteriores a 11.7.1, son vulnerables a una vulnerabilidad de escalada de privilegios • http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18947 – information disclosure
https://notcve.org/view.php?id=CVE-2019-18947
26 Feb 2021 — Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure. Micro Focus Solutions Business Manager Application Repository versiones anteriores a 11.7.1, son vulnerables a una divulgación de información • http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-18946 – Session fixation
https://notcve.org/view.php?id=CVE-2019-18946
26 Feb 2021 — Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation. Micro Focus Solutions Business Manager Application Repository versiones anteriores a 11.7.1, son vulnerables a una fijación de sesiones • http://knowledgebase.serena.com/resources/sites/KNOWLEDGEBASE/content/live/SOLUTIONS/142000/S142001/en_US/sbm_11.7.1_security_bulletin.htm • CWE-384: Session Fixation •