
CVE-2021-22514
https://notcve.org/view.php?id=CVE-2021-22514
28 Apr 2021 — An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM. • https://softwaresupport.softwaregrp.com/doc/KM03806649 •

CVE-2021-22500
https://notcve.org/view.php?id=CVE-2021-22500
06 Feb 2021 — Cross-Site Request Forgery vulnerability in the Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by an attacker to trick users into executing actions of the attacker's choosing. • https://softwaresupport.softwaregrp.com/doc/KM03775253 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2021-22499
https://notcve.org/view.php?id=CVE-2021-22499
06 Feb 2021 — Persistent cross-site scripting vulnerability in the Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow a persistent XSS attack. • https://softwaresupport.softwaregrp.com/doc/KM03775253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-11854 – Arbitrary code execution vulnerability in Operation Bridge Manager, Application Performance Management and Operations Bridge (containerized) products.
https://notcve.org/view.php?id=CVE-2020-11854
27 Oct 2020 — Arbitrary code execution vulnerability in the Micro Focus products Operation Bridge Manager, Operations Bridge (containerized) and Application Performance Management. The vulnerability affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63, 10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.... • https://packetstorm.news/files/id/161182 • CWE-798: Use of Hard-coded Credentials •

CVE-2020-11853 – Arbitrary code execution vulnerability on multiple Micro Focus products
https://notcve.org/view.php?id=CVE-2020-11853
22 Oct 2020 — Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager, affecting versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management, affecting versions: 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. 3.) Data Center Automation, affected version: 2019.11. 4.) Operations Bridge (containerized), affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11. 5.) • https://packetstorm.news/files/id/161182 •

CVE-2017-14350 – Hewlett Packard Enterprise Application Performance Management Staging Data Replicator hpbsmsdr Missing Authentication for Critical Function Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-14350
26 Sep 2017 — A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution. This vulnerability allows remote attackers to execute arbitrar... • http://www.securityfocus.com/bid/100988 • CWE-306: Missing Authentication for Critical Function •

CVE-2017-13984 – Hewlett Packard Enterprise Application Performance Management System Health SHExportToExcel Servlet Directory Traversal Arbitrary File Deletion Vulnerability
https://notcve.org/view.php?id=CVE-2017-13984
07 Sep 2017 — An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal. This vulnerability allows remote attackers to delete a... • http://www.zerodayinitiative.com/advisories/ZDI-17-720 • CWE-287: Improper Authentication •

CVE-2017-13982 – Hewlett Packard Enterprise Application Performance Management System Health UploadManager Servlet Directory Traversal Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2017-13982
07 Sep 2017 — A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files. This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of Hewlett Packard Enterprise ... • http://www.securityfocus.com/bid/101199 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2017-13983 – Hewlett Packard Enterprise Application Performance Management System Health Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2017-13983
07 Sep 2017 — An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to bypass authentication. This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Hewlett Packard Enterprise Applicati... • http://www.zerodayinitiative.com/advisories/ZDI-17-722 • CWE-287: Improper Authentication •

CVE-2017-13985 – Hewlett Packard Enterprise Application Performance Management System Health Email Servlet Directory Traversal Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2017-13985
07 Sep 2017 — An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40 allows remote users to traverse directories, leading to disclosure of information. This vulnerability allows remote attackers to disclose ... • http://zerodayinitiative.com/advisories/ZDI-17-721 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •