CVSS: 10.0EPSS: 3%CPEs: 13EXPL: 0CVE-2021-22504
https://notcve.org/view.php?id=CVE-2021-22504
12 Feb 2021 — Arbitrary code execution vulnerability on Micro Focus Operations Bridge Manager product, affecting versions 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. The vulnerability could allow remote attackers to execute arbitrary code on an OBM server. Una vulnerabilidad de ejecución de código arbitraria en el producto Micro Focus Operations Bridge Manager, afectan a versiones 10.1x, 10.6x, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. La vulnerabilidad podría permitir a atacantes... • https://softwaresupport.softwaregrp.com/doc/KM03777855 •
CVSS: 10.0EPSS: 94%CPEs: 1EXPL: 1CVE-2021-22502 – Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22502
08 Feb 2021 — Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server. Una vulnerabilidad de ejecución de Código Remota en el producto Micro Focus Operation Bridge Reporter (OBR), afectando a la versión 10.40. La vulnerabilidad podría ser explotada para permitir una Ejecución de Código Remota en el servidor OBR This vulnerability allows remote attackers to execute arbitra... • https://packetstorm.news/files/id/162408 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22500
https://notcve.org/view.php?id=CVE-2021-22500
06 Feb 2021 — Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing. Una vulnerabilidad de tipo Cross Site Request Forgery en el producto Micro Focus Application Performance Management, afectando a versiones 9.40, 9.50 y 9.51. La vulnerabilidad podría ser explotada por un atacante para engañar a usuarios a que ejecu... • https://softwaresupport.softwaregrp.com/doc/KM03775253 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22499
https://notcve.org/view.php?id=CVE-2021-22499
06 Feb 2021 — Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack. Una vulnerabilidad de tipo Cross-Site scripting persistente en el producto Micro Focus Application Performance Management, afecta a versiones 9.40, 9.50 y 9.51. La vulnerabilidad podría permitir un ataque de tipo XSS persistente • https://softwaresupport.softwaregrp.com/doc/KM03775253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2021-22498
https://notcve.org/view.php?id=CVE-2021-22498
19 Jan 2021 — XML External Entity Injection vulnerability in Micro Focus Application Lifecycle Management (Previously known as Quality Center) product. The vulnerability affects versions 12.x, 12.60 Patch 5 and earlier, 15.0.1 Patch 2 and earlier and 15.5. The vulnerability could be exploited to allow an XML External Entity Injection. Vulnerabilidad de Inyección de Entidad Externa XML en el producto Micro Focus Application Lifecycle Management (anteriormente se conoce como Quality Center). La vulnerabilidad afecta a... • https://softwaresupport.softwaregrp.com/doc/KM03771781 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-25838
https://notcve.org/view.php?id=CVE-2020-25838
11 Dec 2020 — Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. Una vulnerabilidad de divulgación de información confidencial no autorizada en el producto Micro Focus Filr. Afectando a todas las versiones 3.x y 4.x. • https://softwaresupport.softwaregrp.com/doc/KM03767186 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-25839
https://notcve.org/view.php?id=CVE-2020-25839
20 Nov 2020 — NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1. NetIQ Identity Manager versiones 4.8 anteriores a 4.8 SP2 HF1, está afectado por una vulnerabilidad de inyección. Esta vulnerabilidad es corregida en NetIQ IdM versión 4.8 SP2 HF1 • https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4821_apps/data/releasenotes_idm4821_apps.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25833
https://notcve.org/view.php?id=CVE-2020-25833
17 Nov 2020 — Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7. The vulnerability could be exploited to perform Persistent XSS attack. Una vulnerabilidad de tipo cross-Site Scripting persistente en el producto Micro Focus IDOL, afectando a todas las versiones anteriores a 12.7. La vulnerabilidad podría ser explotada para llevar a cabo un ataque de tipo XSS persistente • https://softwaresupport.softwaregrp.com/doc/KM03763397 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25832
https://notcve.org/view.php?id=CVE-2020-25832
17 Nov 2020 — Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. The vulnerability could be exploited to perform Reflected XSS attack. Una vulnerabilidad de tipo Cross Site scripting reflejada en el producto Micro Focus Filr, afectando a la versión 4.2.1. La vulnerabilidad podría ser explotada para llevar a cabo un ataque de tipo XSS reflejado • https://softwaresupport.softwaregrp.com/doc/KM03763396 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 1CVE-2020-11851
https://notcve.org/view.php?id=CVE-2020-11851
17 Nov 2020 — Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in the execution of arbitrary code. Una vulnerabilidad de ejecución de código arbitraria en el producto Micro Focus ArcSight Logger, afectando a todas las versiones anteriores a 7.1.1. La vulnerabilidad podría ser explotada remotamente resultando en una ejecución de código arbitraria • https://github.com/ch1nghz/CVE-2020-11851 • CWE-94: Improper Control of Generation of Code ('Code Injection') •