CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6489
https://notcve.org/view.php?id=CVE-2018-6489
XML External Entity (XXE) vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability can be exploited to allow XML External Entity (XXE) Vulnerabilidad XEE (XML External Entity) en Micro Focus Project and Portfolio Management Center 9.32. Esta vulnerabilidad puede ser explotada para permitir XEE (XML External Entity). • https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14361 – MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2017-14361
Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack. Vulnerabilidad Man-in-the-Middle (MitM) en Micro Focus Project and Portfolio Management Center 9.32. Esto podría ser explotado para permitir ataques Man-in-the-Middle. • http://www.securitytracker.com/id/1040088 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426 •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14362 – MFSBGN03793 rev.1 - Project and Portfolio Management Center, Multiple vulnerabilities
https://notcve.org/view.php?id=CVE-2017-14362
Cross-Site Request Forgery vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Cross-Site Forgery attack. Vulnerabilidad Cross-Site Request Forgery (CSRF) en Micro Focus Project and Portfolio Management Center 9.32. Esto podría ser explotado para permitir ataques Cross-Site Forgery. • http://www.securitytracker.com/id/1040088 https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03014426 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2017-8993
https://notcve.org/view.php?id=CVE-2017-8993
A Remote Cross-Site Scripting vulnerability in HPE Project and Portfolio Management (PPM) version v9.30, v9.31, v9.32, v9.40 was found. IBM Maximo Asset Management versiones 7.5 y 7.6 podría permitir que un atacante remoto incluya archivos arbitrarios y, como consecuencia, ejecute código en el servidor Web vulnerable. IBM X-Force ID: 129106. • http://www.securityfocus.com/bid/100087 http://www.securitytracker.com/id/1039065 https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03766en_us • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •