CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2021-22514
https://notcve.org/view.php?id=CVE-2021-22514
28 Apr 2021 — An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of APM. Se presenta una vulnerabilidad de ejecución de código arbitrario en Micro Focus Application Performance Management, que afecta a versiones 9.40, 9.50 y 9.51. La vulnerabilidad podría permitir a atacantes remotos ejecutar código arbitrario en instalaciones afec... • https://softwaresupport.softwaregrp.com/doc/KM03806649 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22500
https://notcve.org/view.php?id=CVE-2021-22500
06 Feb 2021 — Cross Site Request Forgery vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could be exploited by attacker to trick the users into executing actions of the attacker's choosing. Una vulnerabilidad de tipo Cross Site Request Forgery en el producto Micro Focus Application Performance Management, afectando a versiones 9.40, 9.50 y 9.51. La vulnerabilidad podría ser explotada por un atacante para engañar a usuarios a que ejecu... • https://softwaresupport.softwaregrp.com/doc/KM03775253 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-22499
https://notcve.org/view.php?id=CVE-2021-22499
06 Feb 2021 — Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack. Una vulnerabilidad de tipo Cross-Site scripting persistente en el producto Micro Focus Application Performance Management, afecta a versiones 9.40, 9.50 y 9.51. La vulnerabilidad podría permitir un ataque de tipo XSS persistente • https://softwaresupport.softwaregrp.com/doc/KM03775253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 91%CPEs: 24EXPL: 1CVE-2020-11854 – Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) products.
https://notcve.org/view.php?id=CVE-2020-11854
27 Oct 2020 — Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.... • https://packetstorm.news/files/id/161182 • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 91%CPEs: 36EXPL: 2CVE-2020-11853 – Arbitrary code execution vulnerability on multiple Micro Focus products
https://notcve.org/view.php?id=CVE-2020-11853
22 Oct 2020 — Arbitrary code execution vulnerability affecting multiple Micro Focus products. 1.) Operation Bridge Manager affecting version: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, versions 10.6x and 10.1x and older versions. 2.) Application Performance Management affecting versions : 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3 3.) Data Center Automation affected version 2019.11 4.) Operations Bridge (containerized) affecting versions: 2019.11, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02, 2017.11 5.) • https://packetstorm.news/files/id/161182 •