Search
Find a vulnerability
Search criteria
18 vulnerabilities by Micro Focus International
CVE-2020-9521 (GCVE-0-2020-9521)
Vulnerability from nvd – Published: 2020-03-26 14:21 – Updated: 2024-08-04 10:34
VLAI
Summary
An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.
Severity
No CVSS data available.
CWE
- SQL injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03630615 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Micro Focus - Service Manager Automation (SMA) |
Affected:
2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus - Service Manager Automation (SMA)",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:31.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus - Service Manager Automation (SMA)",
"version": {
"version_data": [
{
"version_value": "2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03630615",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9521",
"datePublished": "2020-03-26T14:21:41.000Z",
"dateReserved": "2020-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:34:38.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9520 (GCVE-0-2020-9520)
Vulnerability from nvd – Published: 2020-03-25 20:59 – Updated: 2024-08-04 10:34
VLAI
Summary
A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser.
Severity
No CVSS data available.
CWE
- Stored XSS
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03630475 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2020/Mar/50 | mailing-listx_refsource_FULLDISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Micro Focus Vibe. |
Affected:
All Vibe version prior to Vive 4.0.7.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:39.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"name": "20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Vibe.",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "All Vibe version prior to Vive 4.0.7."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user\u2019s browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:34.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"name": "20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Vibe.",
"version": {
"version_data": [
{
"version_value": "All Vibe version prior to Vive 4.0.7."
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user\u2019s browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03630475",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"name": "20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9520",
"datePublished": "2020-03-25T20:59:48.000Z",
"dateReserved": "2020-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:34:39.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9518 (GCVE-0-2020-9518)
Vulnerability from nvd – Published: 2020-03-16 13:01 – Updated: 2024-08-04 10:34
VLAI
Summary
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.
Severity
No CVSS data available.
CWE
- Login filter can access configuration files
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03607792 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Service Manager (Web Tier). |
Affected:
9.50, 9.51, 9.52, 9.60, 9.61, 9.62
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:39.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager (Web Tier).",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Login filter can access configuration files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T13:01:28.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager (Web Tier).",
"version": {
"version_data": [
{
"version_value": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Login filter can access configuration files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03607792",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9518",
"datePublished": "2020-03-16T13:01:28.000Z",
"dateReserved": "2020-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:34:39.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9519 (GCVE-0-2020-9519)
Vulnerability from nvd – Published: 2020-03-16 13:00 – Updated: 2024-08-04 10:34
VLAI
Summary
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.
Severity
No CVSS data available.
CWE
- HTTP methods reveled in Web services.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03607789 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Service Manager (Server). |
Affected:
9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager (Server).",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP methods reveled in Web services.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T13:00:11.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager (Server).",
"version": {
"version_data": [
{
"version_value": "9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP methods reveled in Web services."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03607789",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9519",
"datePublished": "2020-03-16T13:00:11.000Z",
"dateReserved": "2020-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:34:38.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9517 (GCVE-0-2020-9517)
Vulnerability from nvd – Published: 2020-03-09 15:54 – Updated: 2024-08-04 10:34
VLAI
Summary
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.
Severity
No CVSS data available.
CWE
- Improper restriction of rendered UI layers or frames
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03604692 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Service Manager |
Affected:
9.50, 9.60
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "9.50, 9.60"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:03.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.50, 9.60"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper restriction of rendered UI layers or frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03604692",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9517",
"datePublished": "2020-03-09T15:54:33.000Z",
"dateReserved": "2020-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:34:38.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11657 (GCVE-0-2019-11657)
Vulnerability from nvd – Published: 2019-12-17 22:05 – Updated: 2024-08-04 23:03
VLAI
Summary
Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack.
Severity
No CVSS data available.
CWE
- Cross-Site Request Forgery
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.microfocus.com/t5/Logger/Logger… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | ArcSight Logger |
Affected:
All ArcSight Logger prior to version 7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-0/ta-p/2750305?attachment-id=76910"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Logger",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "All ArcSight Logger prior to version 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:29.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-0/ta-p/2750305?attachment-id=76910"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Logger",
"version": {
"version_data": [
{
"version_value": "All ArcSight Logger prior to version 7.0"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-0/ta-p/2750305?attachment-id=76910",
"refsource": "MISC",
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-0/ta-p/2750305?attachment-id=76910"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11657",
"datePublished": "2019-12-17T22:05:07.000Z",
"dateReserved": "2019-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:03:31.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17087 (GCVE-0-2019-17087)
Vulnerability from nvd – Published: 2019-12-11 22:11 – Updated: 2024-08-05 01:33
VLAI
Summary
Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under.
Severity
No CVSS data available.
CWE
- Unauthorized file download.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03569662 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | AcuToWeb |
Affected:
All supported versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03569662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AcuToWeb",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "All supported versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized file download.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:53.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03569662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-17087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AcuToWeb",
"version": {
"version_data": [
{
"version_value": "All supported versions"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized file download."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03569662",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03569662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-17087",
"datePublished": "2019-12-11T22:11:30.000Z",
"dateReserved": "2019-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17085 (GCVE-0-2019-17085)
Vulnerability from nvd – Published: 2019-11-18 20:16 – Updated: 2024-08-05 01:33
VLAI
Summary
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.
Severity
No CVSS data available.
CWE
- XXE attack
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03556426 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Operations Agent |
Affected:
12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operations Agent",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE attack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:47.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-17085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operations Agent",
"version": {
"version_data": [
{
"version_value": "12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03556426",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-17085",
"datePublished": "2019-11-18T20:16:28.000Z",
"dateReserved": "2019-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5182 (GCVE-0-2017-5182)
Vulnerability from nvd – Published: 2017-01-23 15:00 – Updated: 2024-08-05 14:55
VLAI
Summary
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).
Severity
No CVSS data available.
CWE
- unauthenticated directory traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.novell.com/support/kb/doc.php?id=7018503 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037689 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/95743 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Open Enterprise Server |
Affected:
All
|
Date Public
2017-01-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7018503"
},
{
"name": "1037689",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037689"
},
{
"name": "95743",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95743"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Open Enterprise Server",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-01-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unauthenticated directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:47.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7018503"
},
{
"name": "1037689",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037689"
},
{
"name": "95743",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95743"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-5182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Enterprise Server",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unauthenticated directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7018503",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7018503"
},
{
"name": "1037689",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037689"
},
{
"name": "95743",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95743"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-5182",
"datePublished": "2017-01-23T15:00:00.000Z",
"dateReserved": "2017-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:55:35.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9521 (GCVE-0-2020-9521)
Vulnerability from cvelistv5 – Published: 2020-03-26 14:21 – Updated: 2024-08-04 10:34
VLAI
Summary
An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.
Severity
No CVSS data available.
CWE
- SQL injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03630615 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Micro Focus - Service Manager Automation (SMA) |
Affected:
2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus - Service Manager Automation (SMA)",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:31.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus - Service Manager Automation (SMA)",
"version": {
"version_data": [
{
"version_value": "2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SQL injection vulnerability was discovered in Micro Focus Service Manager Automation (SMA), affecting versions 2019.08, 2019.05, 2019.02, 2018.08, 2018.05, 2018.02. The vulnerability could allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03630615",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630615"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9521",
"datePublished": "2020-03-26T14:21:41.000Z",
"dateReserved": "2020-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:34:38.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9520 (GCVE-0-2020-9520)
Vulnerability from cvelistv5 – Published: 2020-03-25 20:59 – Updated: 2024-08-04 10:34
VLAI
Summary
A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user’s browser.
Severity
No CVSS data available.
CWE
- Stored XSS
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03630475 | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2020/Mar/50 | mailing-listx_refsource_FULLDISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Micro Focus Vibe. |
Affected:
All Vibe version prior to Vive 4.0.7.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:39.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"name": "20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Vibe.",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "All Vibe version prior to Vive 4.0.7."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user\u2019s browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:34.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"name": "20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Vibe.",
"version": {
"version_data": [
{
"version_value": "All Vibe version prior to Vive 4.0.7."
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored XSS vulnerability was discovered in Micro Focus Vibe, affecting all Vibe version prior to 4.0.7. The vulnerability could allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker controlled JavaScript will execute in the security context of the target user\u2019s browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stored XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03630475",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03630475"
},
{
"name": "20200327 [SYSS-2019-047] Micro Focus Vibe - Cross-Site Scripting (CVE-2020-9520)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Mar/50"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9520",
"datePublished": "2020-03-25T20:59:48.000Z",
"dateReserved": "2020-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:34:39.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9518 (GCVE-0-2020-9518)
Vulnerability from cvelistv5 – Published: 2020-03-16 13:01 – Updated: 2024-08-04 10:34
VLAI
Summary
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.
Severity
No CVSS data available.
CWE
- Login filter can access configuration files
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03607792 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Service Manager (Web Tier). |
Affected:
9.50, 9.51, 9.52, 9.60, 9.61, 9.62
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:39.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager (Web Tier).",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Login filter can access configuration files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T13:01:28.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager (Web Tier).",
"version": {
"version_data": [
{
"version_value": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Login filter can access configuration files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03607792",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9518",
"datePublished": "2020-03-16T13:01:28.000Z",
"dateReserved": "2020-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:34:39.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9519 (GCVE-0-2020-9519)
Vulnerability from cvelistv5 – Published: 2020-03-16 13:00 – Updated: 2024-08-04 10:34
VLAI
Summary
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.
Severity
No CVSS data available.
CWE
- HTTP methods reveled in Web services.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03607789 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Service Manager (Server). |
Affected:
9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager (Server).",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP methods reveled in Web services.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T13:00:11.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager (Server).",
"version": {
"version_data": [
{
"version_value": "9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP methods reveled in Web services."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03607789",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9519",
"datePublished": "2020-03-16T13:00:11.000Z",
"dateReserved": "2020-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:34:38.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9517 (GCVE-0-2020-9517)
Vulnerability from cvelistv5 – Published: 2020-03-09 15:54 – Updated: 2024-08-04 10:34
VLAI
Summary
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.
Severity
No CVSS data available.
CWE
- Improper restriction of rendered UI layers or frames
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03604692 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Service Manager |
Affected:
9.50, 9.60
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "9.50, 9.60"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:03.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.50, 9.60"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper restriction of rendered UI layers or frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03604692",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9517",
"datePublished": "2020-03-09T15:54:33.000Z",
"dateReserved": "2020-03-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:34:38.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11657 (GCVE-0-2019-11657)
Vulnerability from cvelistv5 – Published: 2019-12-17 22:05 – Updated: 2024-08-04 23:03
VLAI
Summary
Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack.
Severity
No CVSS data available.
CWE
- Cross-Site Request Forgery
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://community.microfocus.com/t5/Logger/Logger… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | ArcSight Logger |
Affected:
All ArcSight Logger prior to version 7.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-0/ta-p/2750305?attachment-id=76910"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Logger",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "All ArcSight Logger prior to version 7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:29.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-0/ta-p/2750305?attachment-id=76910"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Logger",
"version": {
"version_data": [
{
"version_value": "All ArcSight Logger prior to version 7.0"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery vulnerability in all Micro Focus ArcSight Logger affecting all product versions below version 7.0. The vulnerability could be exploited to perform CSRF attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-0/ta-p/2750305?attachment-id=76910",
"refsource": "MISC",
"url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-7-0/ta-p/2750305?attachment-id=76910"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11657",
"datePublished": "2019-12-17T22:05:07.000Z",
"dateReserved": "2019-05-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:03:31.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17087 (GCVE-0-2019-17087)
Vulnerability from cvelistv5 – Published: 2019-12-11 22:11 – Updated: 2024-08-05 01:33
VLAI
Summary
Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under.
Severity
No CVSS data available.
CWE
- Unauthorized file download.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03569662 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | AcuToWeb |
Affected:
All supported versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03569662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AcuToWeb",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "All supported versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthorized file download.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:53.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03569662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-17087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AcuToWeb",
"version": {
"version_data": [
{
"version_value": "All supported versions"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized file download."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03569662",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03569662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-17087",
"datePublished": "2019-12-11T22:11:30.000Z",
"dateReserved": "2019-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17085 (GCVE-0-2019-17085)
Vulnerability from cvelistv5 – Published: 2019-11-18 20:16 – Updated: 2024-08-05 01:33
VLAI
Summary
XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent.
Severity
No CVSS data available.
CWE
- XXE attack
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://softwaresupport.softwaregrp.com/doc/KM03556426 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Operations Agent |
Affected:
12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:16.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operations Agent",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE attack",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:47.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-17085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operations Agent",
"version": {
"version_data": [
{
"version_value": "12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XXE attack vulnerability on Micro Focus Operations Agent, affected version 12.0, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11. The vulnerability could be exploited to do an XXE attack on Operations Agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE attack"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03556426",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03556426"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-17085",
"datePublished": "2019-11-18T20:16:28.000Z",
"dateReserved": "2019-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:33:16.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5182 (GCVE-0-2017-5182)
Vulnerability from cvelistv5 – Published: 2017-01-23 15:00 – Updated: 2024-08-05 14:55
VLAI
Summary
Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077).
Severity
No CVSS data available.
CWE
- unauthenticated directory traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.novell.com/support/kb/doc.php?id=7018503 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037689 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/95743 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Micro Focus International | Open Enterprise Server |
Affected:
All
|
Date Public
2017-01-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:55:35.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7018503"
},
{
"name": "1037689",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037689"
},
{
"name": "95743",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95743"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Open Enterprise Server",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "All"
}
]
}
],
"datePublic": "2017-01-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unauthenticated directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:47.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.novell.com/support/kb/doc.php?id=7018503"
},
{
"name": "1037689",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037689"
},
{
"name": "95743",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95743"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2017-5182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Open Enterprise Server",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all versions of OES for linux, it applies to OES2015 SP1 before Maintenance Update 11080, OES2015 before Maintenance Update 11079, OES11 SP3 before Maintenance Update 11078, OES11 SP2 before Maintenance Update 11077)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unauthenticated directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.novell.com/support/kb/doc.php?id=7018503",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7018503"
},
{
"name": "1037689",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037689"
},
{
"name": "95743",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95743"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2017-5182",
"datePublished": "2017-01-23T15:00:00.000Z",
"dateReserved": "2017-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T14:55:35.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}