CVE-2020-25835 – Micro Focus ArcSight Management Center Remote Vulnerability
https://notcve.org/view.php?id=CVE-2020-25835
A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). Se ha identificado una vulnerabilidad potencial en Micro Focus ArcSight Management Center. La vulnerabilidad podría explotarse de forma remota, lo que daría como resultado Cross-Site Scripting (XSS) almacenado. • https://community.microfocus.com/cfs-file/__key/communityserver-wikis-components-files/00-00-00-00-29/5037.ArcMC_5F00_RelNotes_5F00_2_2D00_9_2D00_6.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-32268 – Administrator equivalent Filr user can access proxy administrator credentials
https://notcve.org/view.php?id=CVE-2023-32268
Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators. Exposición de las credenciales de administrador proxy un usuario de Filr equivalente a un administrador autenticado puede acceder a las credenciales de los administradores proxy. • https://portal.microfocus.com/s/article/KM000020081?language=en_US • CWE-522: Insufficiently Protected Credentials •
CVE-2023-5913 – A potential Privilege Escalation vulnerability in opentext Fortify ScanCentral DAST API.
https://notcve.org/view.php?id=CVE-2023-5913
Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1. Vulnerabilidad de asignación de privilegios incorrecta en texto abierto Fortify ScanCentral DAST. La vulnerabilidad podría aprovecharse para obtener privilegios elevados. Este problema afecta a Fortify ScanCentral DAST versiones 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1. • https://portal.microfocus.com/s/article/KM000023500?language=en_US • CWE-266: Incorrect Privilege Assignment •
CVE-2023-4964 – Potential open redirect vulnerability in opentext SMAX and AMX product.
https://notcve.org/view.php?id=CVE-2023-4964
Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites. Posible vulnerabilidad de redireccionamiento abierto en opentext Service Management Automation X (SMAX) versiones 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 y opentext Asset Management X (AMX) versiones 2021.08, 2 021.11, 2022.05, 2022.11. La vulnerabilidad podría permitir a los atacantes redirigir a un usuario a sitios web maliciosos. • https://portal.microfocus.com/s/article/KM000022703?language=en_US • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2023-4501 – Authentication bypass in OpenText (Micro Focus) Enterprise Server
https://notcve.org/view.php?id=CVE-2023-4501
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password. • https://portal.microfocus.com/s/article/KM000021287 • CWE-253: Incorrect Check of Function Return Value CWE-287: Improper Authentication CWE-305: Authentication Bypass by Primary Weakness CWE-358: Improperly Implemented Security Check for Standard •