Search criteria
515 vulnerabilities
CVE-2023-24468 (GCVE-0-2023-24468)
Vulnerability from cvelistv5 – Published: 2023-03-15 00:00 – Updated: 2025-02-27 14:45
VLAI?
Summary
Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
Severity ?
No CVSS data available.
CWE
- Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NetIQ Advanced Authentication |
Affected:
versions prior to 6.4.1.1 and 6.3.7.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:56:04.192Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6372/data/advanced-authentication-releasenotes-6372.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-6411/data/advanced-authentication-releasenotes-6411.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-24468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T14:44:14.484104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T14:45:24.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Advanced Authentication",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "versions prior to 6.4.1.1 and 6.3.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-15T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://www.netiq.com/documentation/advanced-authentication-63/advanced-authentication-releasenotes-6372/data/advanced-authentication-releasenotes-6372.html"
},
{
"url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-6411/data/advanced-authentication-releasenotes-6411.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2023-24468",
"datePublished": "2023-03-15T00:00:00.000Z",
"dateReserved": "2023-01-23T00:00:00.000Z",
"dateUpdated": "2025-02-27T14:45:24.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38758 (GCVE-0-2022-38758)
Vulnerability from cvelistv5 – Published: 2023-01-25 00:00 – Updated: 2025-03-27 20:15
VLAI?
Summary
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.
Severity ?
7.2 (High)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ iManager |
Affected:
NetIQ iManager , < 3.2.6
(custom)
|
Credits
Special thanks to Kajetan Rostojek for responsibly disclosing this information to us.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38758",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T20:15:16.517246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T20:15:28.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"ALL"
],
"product": "NetIQ iManager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "3.2.6",
"status": "affected",
"version": "NetIQ iManager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks to Kajetan Rostojek for responsibly disclosing this information to us."
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user\u0027s browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://www.netiq.com/documentation/imanager-32/imanager326_releasenotes/data/imanager326_releasenotes.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "XSS vulnerabilities in iManager",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to NetIQ iManager 3.2.6 or higher."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-38758",
"datePublished": "2023-01-25T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-03-27T20:15:28.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26329 (GCVE-0-2022-26329)
Vulnerability from cvelistv5 – Published: 2023-01-24 00:00 – Updated: 2025-04-01 17:56
VLAI?
Summary
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.
Severity ?
CWE
- CWE-538 - File and Directory Information Exposure
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Identity Manager |
Affected:
NetIQ Identity Manager , < 4.8.5
(custom)
|
Credits
Special thanks go to Kajetan Rostojek for responsibly disclosing this information to us.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.373Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26329",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-01T17:55:26.561768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-01T17:56:30.791Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"ALL"
],
"product": "NetIQ Identity Manager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "4.8.5",
"status": "affected",
"version": "NetIQ Identity Manager",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Special thanks go to Kajetan Rostojek for responsibly disclosing this information to us."
}
],
"descriptions": [
{
"lang": "en",
"value": "File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 File and Directory Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-24T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm485/data/software-fixes.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "File existence disclosue vulnerability in IDM plugin",
"workarounds": [
{
"lang": "en",
"value": "Update to the NetIQ Identity Manager 4.8.5 or above."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-26329",
"datePublished": "2023-01-24T00:00:00.000Z",
"dateReserved": "2022-02-28T00:00:00.000Z",
"dateUpdated": "2025-04-01T17:56:30.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38757 (GCVE-0-2022-38757)
Vulnerability from cvelistv5 – Published: 2022-12-23 00:00 – Updated: 2025-04-15 13:22
VLAI?
Summary
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.
Severity ?
7.2 (High)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Micro Focus | ZENworks Configuration Management (ZCM) |
Affected:
ZENworks 2020 , ≤ Update 3a
(custom)
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.523Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000012895?language=en_US"
},
{
"tags": [
"x_transferred"
],
"url": "https://kmviewer.saas.microfocus.com/#/PH_206719"
},
{
"tags": [
"x_transferred"
],
"url": "https://kmviewer.saas.microfocus.com/#/PH_206720"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-15T13:22:12.284300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T13:22:56.731Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ZENworks Configuration Management (ZCM)",
"vendor": "Micro Focus",
"versions": [
{
"lessThanOrEqual": "Update 3a",
"status": "affected",
"version": "ZENworks 2020",
"versionType": "custom"
}
]
},
{
"product": "ZENworks Asset Management",
"vendor": "Micro Focus",
"versions": [
{
"lessThanOrEqual": "Update 3a",
"status": "affected",
"version": "ZENworks 2020",
"versionType": "custom"
}
]
},
{
"product": "ZENworks Endpoint Security Management (ZESM)",
"vendor": "Micro Focus",
"versions": [
{
"lessThanOrEqual": "Update 3a",
"status": "affected",
"version": "ZENworks 2020",
"versionType": "custom"
}
]
},
{
"product": "ZENworks Patch Management (ZPM)",
"vendor": "Micro Focus",
"versions": [
{
"lessThanOrEqual": "Update 3a",
"status": "affected",
"version": "ZENworks 2020",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-23T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000012895?language=en_US"
},
{
"url": "https://kmviewer.saas.microfocus.com/#/PH_206719"
},
{
"url": "https://kmviewer.saas.microfocus.com/#/PH_206720"
}
],
"solutions": [
{
"lang": "en",
"value": "Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of ZENworks:\n\n https://kmviewer.saas.microfocus.com/#/PH_206719 (ZENworks 2020 Update 2)\n https://kmviewer.saas.microfocus.com/#/PH_206720 (ZENworks 2020 Update 3a and ZENworks 2020 Update 3)"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2022-38757 ZENworks",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-38757",
"datePublished": "2022-12-23T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-04-15T13:22:56.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38756 (GCVE-0-2022-38756)
Vulnerability from cvelistv5 – Published: 2022-12-16 00:00 – Updated: 2025-04-18 13:22
VLAI?
Summary
A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.
Severity ?
4.3 (Medium)
CWE
- A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Micro Focus GroupWise Web |
Affected:
unspecified , < 18.4.2
(custom)
|
Credits
Micro Focus would like to thank Stefan Pietsch from Trovent Security GmbH for their work discovering and reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.534Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000012374?language=en_US"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/170768/Micro-Focus-GroupWise-Session-ID-Disclosure.html"
},
{
"name": "20230130 Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/28"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38756",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T13:22:15.425632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T13:22:18.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://seclists.org/fulldisclosure/2023/Jan/28"
},
{
"tags": [
"exploit"
],
"url": "https://packetstorm.news/files/id/170768"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus GroupWise Web",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "18.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": " Micro Focus would like to thank Stefan Pietsch from Trovent Security GmbH for their work discovering and reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A vulnerability has been identified in Micro Focus GroupWise Web in versions prior to 18.4.2. The GW Web component makes a request to the Post Office Agent that contains sensitive information in the query parameters that could be logged by any intervening HTTP proxies.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-31T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000012374?language=en_US"
},
{
"url": "http://packetstormsecurity.com/files/170768/Micro-Focus-GroupWise-Session-ID-Disclosure.html"
},
{
"name": "20230130 Trovent Security Advisory 2203-01 / Micro Focus GroupWise transmits session ID in URL",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Jan/28"
}
],
"solutions": [
{
"lang": "en",
"value": "Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Micro Focus GroupWise:\n\n Please update to Micro Focus GroupWise 18.4.2 or newer"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "CVE-2022-38756 vulnerability in GW Web prior to 18.4.2",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-38756",
"datePublished": "2022-12-16T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-04-18T13:22:18.809Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38754 (GCVE-0-2022-38754)
Vulnerability from cvelistv5 – Published: 2022-12-08 00:00 – Updated: 2025-04-23 15:49
VLAI?
Summary
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11.
Severity ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Micro Focus | Micro Focus Operations Bridge Manager |
Affected:
unspecified , < 2022.11
(custom)
|
|||||||
|
|||||||||
Credits
Micro Focus would like to thank Adam Silviu for discovering and reporting the vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.430Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000012517?language=en_US"
},
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000012518?language=en_US"
},
{
"tags": [
"x_transferred"
],
"url": "https://marketplace.microfocus.com/itom/content/operations-bridge-manager-obm-2022-05-hotfixes"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:48:52.065197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T15:49:04.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Operations Bridge Manager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "2022.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Micro Focus Operations Bridge- Containerized",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "2022.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Adam Silviu for discovering and reporting the vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-08T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000012517?language=en_US"
},
{
"url": "https://portal.microfocus.com/s/article/KM000012518?language=en_US"
},
{
"url": "https://marketplace.microfocus.com/itom/content/operations-bridge-manager-obm-2022-05-hotfixes"
}
],
"solutions": [
{
"lang": "en",
"value": "Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Micro Focus Operations Bridge - Containerized:\nFor releases older than Micro Focus Operations Bridge - Containerized 2022.11: Upgrade to Micro Focus Operations Bridge - Containerized 2022.11\n\nMicro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Micro Focus Operations Bridge Manager:\nFor releases older than Micro Focus Operations Bridge Manager 2022.05: Upgrade to Micro Focus Operations Manager 2022.11\nFor Micro Focus Operations Bridge Manager 2022.05: Install OBM_2022.05_Consolidated_Hotfix_Nov_2022 or later."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "CVE-2022-38754 - Micro Focus Operations Bridge Manager and OpsBridge Containerized - Cross Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-38754",
"datePublished": "2022-12-08T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-04-23T15:49:04.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38753 (GCVE-0-2022-38753)
Vulnerability from cvelistv5 – Published: 2022-11-28 00:00 – Updated: 2025-04-25 20:21
VLAI?
Summary
This update resolves a multi-factor authentication bypass attack
Severity ?
6.3 (Medium)
CWE
- MFA Factor Authentication bypass
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NetIQ Advanced Authentication |
Affected:
NetIQ Advanced Authentication versions prior to 6.4 SP1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-641/data/advanced-authentication-releasenotes-641.html#t4g4mvd1yivo"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-38753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T20:20:41.639595Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T20:21:27.518Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Advanced Authentication",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "NetIQ Advanced Authentication versions prior to 6.4 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "This update resolves a multi-factor authentication bypass attack"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "MFA Factor Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-10T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://www.netiq.com/documentation/advanced-authentication-64/advanced-authentication-releasenotes-641/data/advanced-authentication-releasenotes-641.html#t4g4mvd1yivo"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-38753",
"datePublished": "2022-11-28T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-04-25T20:21:27.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38755 (GCVE-0-2022-38755)
Vulnerability from cvelistv5 – Published: 2022-11-21 00:00 – Updated: 2025-04-29 20:32
VLAI?
Summary
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1.
Severity ?
5.3 (Medium)
CWE
- Remote unauthenticated user enumeration
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Micro Focus Filr |
Affected:
unspecified , < 4.3.1.1
(custom)
|
Credits
Micro Focus would like to thank Christopher Haller and Matthew Sparrow from Centripetal for their work discovering and reporting this vulnerability.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:02:14.472Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000011886?language=en_US"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38755",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T20:29:39.763755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T20:32:05.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Filr ",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "4.3.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to thank Christopher Haller and Matthew Sparrow from Centripetal for their work discovering and reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote unauthenticated user enumeration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-21T00:00:00.000Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000011886?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"value": "Micro Focus has made the following mitigation information available to resolve the vulnerability for the impacted versions of Micro Focus Filr:\nPlease update to Micro Focus Filr 4.3.1.1 or newer"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Filr Remote unauthenticated user enumeration for versions prior to 4.3.1.1",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-38755",
"datePublished": "2022-11-21T00:00:00.000Z",
"dateReserved": "2022-08-25T00:00:00.000Z",
"dateUpdated": "2025-04-29T20:32:05.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26331 (GCVE-0-2022-26331)
Vulnerability from cvelistv5 – Published: 2022-08-31 15:52 – Updated: 2024-08-03 05:03
VLAI?
Summary
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions.
Severity ?
6.1 (Medium)
CWE
- Self Cross-Site Scripting
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Micro Focus ArcSight Logger |
Affected:
unspecified , < v7.2.2
(custom)
|
Credits
Micro Focus would like to give a special thanks to Michal Skowron for responsibly disclosing those vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microfocus.com/support/downloads/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000010167?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus ArcSight Logger",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "v7.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to give a special thanks to Michal Skowron for responsibly disclosing those vulnerabilities."
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Self Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-07T20:15:52",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microfocus.com/support/downloads/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000010167?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"value": "Micro Focus has made the following mitigation information available to resolve the vulnerabilities for the impacted versions of ArcSight Logger:\n\u2022\tLogger 7.2.2 https://www.microfocus.com/support/downloads/\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Self Cross-Site Scripting (XSS).",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2022-26331",
"STATE": "PUBLIC",
"TITLE": "Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Self Cross-Site Scripting (XSS)."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus ArcSight Logger",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v7.2.2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to give a special thanks to Michal Skowron for responsibly disclosing those vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Self Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/support/downloads/",
"refsource": "MISC",
"url": "https://www.microfocus.com/support/downloads/"
},
{
"name": "https://portal.microfocus.com/s/article/KM000010167?language=en_US",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000010167?language=en_US"
}
]
},
"solution": [
{
"lang": "en",
"value": "Micro Focus has made the following mitigation information available to resolve the vulnerabilities for the impacted versions of ArcSight Logger:\n\u2022\tLogger 7.2.2 https://www.microfocus.com/support/downloads/\n"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-26331",
"datePublished": "2022-08-31T15:52:37",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26330 (GCVE-0-2022-26330)
Vulnerability from cvelistv5 – Published: 2022-08-31 15:52 – Updated: 2024-08-03 05:03
VLAI?
Summary
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions.
Severity ?
6.5 (Medium)
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Micro Focus ArcSight Logger |
Affected:
unspecified , < v7.2.2
(custom)
|
Credits
Micro Focus would like to give a special thanks to Michal Skowron for responsibly disclosing those vulnerabilities.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:31.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microfocus.com/support/downloads/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000010167?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus ArcSight Logger",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "v7.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Micro Focus would like to give a special thanks to Michal Skowron for responsibly disclosing those vulnerabilities."
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-07T20:15:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microfocus.com/support/downloads/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000010167?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"value": "Micro Focus has made the following mitigation information available to resolve the vulnerabilities for the impacted versions of ArcSight Logger:\n\u2022\tLogger 7.2.2 https://www.microfocus.com/support/downloads/\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential vulnerability has been identified in Micro Focus ArcSight Logger. The vulnerability could be remotely exploited resulting in Information Disclosure.",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2022-26330",
"STATE": "PUBLIC",
"TITLE": "Potential vulnerability has been identified in Micro Focus ArcSight Logger. The vulnerability could be remotely exploited resulting in Information Disclosure."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus ArcSight Logger",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v7.2.2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to give a special thanks to Michal Skowron for responsibly disclosing those vulnerabilities."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/support/downloads/",
"refsource": "MISC",
"url": "https://www.microfocus.com/support/downloads/"
},
{
"name": "https://portal.microfocus.com/s/article/KM000010167?language=en_US",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000010167?language=en_US"
}
]
},
"solution": [
{
"lang": "en",
"value": "Micro Focus has made the following mitigation information available to resolve the vulnerabilities for the impacted versions of ArcSight Logger:\n\u2022\tLogger 7.2.2 https://www.microfocus.com/support/downloads/\n"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-26330",
"datePublished": "2022-08-31T15:52:15",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T05:03:31.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37449 (GCVE-0-2022-37449)
Vulnerability from cvelistv5 – Published: 2022-08-15 19:52 – Updated: 2022-08-15 19:52
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-08-15T19:52:46",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-37449",
"datePublished": "2022-08-15T19:52:46",
"dateRejected": "2022-08-15T19:52:46",
"dateReserved": "2022-08-05T00:00:00",
"dateUpdated": "2022-08-15T19:52:46",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2022-37448 (GCVE-0-2022-37448)
Vulnerability from cvelistv5 – Published: 2022-08-15 19:52 – Updated: 2022-08-15 19:52
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-08-15T19:52:27",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-37448",
"datePublished": "2022-08-15T19:52:27",
"dateRejected": "2022-08-15T19:52:27",
"dateReserved": "2022-08-05T00:00:00",
"dateUpdated": "2022-08-15T19:52:27",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2022-37447 (GCVE-0-2022-37447)
Vulnerability from cvelistv5 – Published: 2022-08-15 19:52 – Updated: 2022-08-15 19:52
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-08-15T19:52:10",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-37447",
"datePublished": "2022-08-15T19:52:10",
"dateRejected": "2022-08-15T19:52:10",
"dateReserved": "2022-08-05T00:00:00",
"dateUpdated": "2022-08-15T19:52:10",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2022-37446 (GCVE-0-2022-37446)
Vulnerability from cvelistv5 – Published: 2022-08-15 19:51 – Updated: 2022-08-15 19:51
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-08-15T19:51:46",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-37446",
"datePublished": "2022-08-15T19:51:46",
"dateRejected": "2022-08-15T19:51:46",
"dateReserved": "2022-08-05T00:00:00",
"dateUpdated": "2022-08-15T19:51:46",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2022-37445 (GCVE-0-2022-37445)
Vulnerability from cvelistv5 – Published: 2022-08-15 19:51 – Updated: 2022-08-15 19:51
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-08-15T19:51:29",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-37445",
"datePublished": "2022-08-15T19:51:29",
"dateRejected": "2022-08-15T19:51:29",
"dateReserved": "2022-08-05T00:00:00",
"dateUpdated": "2022-08-15T19:51:29",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2022-37444 (GCVE-0-2022-37444)
Vulnerability from cvelistv5 – Published: 2022-08-15 19:51 – Updated: 2022-08-15 19:51
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-08-15T19:51:09",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-37444",
"datePublished": "2022-08-15T19:51:09",
"dateRejected": "2022-08-15T19:51:09",
"dateReserved": "2022-08-05T00:00:00",
"dateUpdated": "2022-08-15T19:51:09",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2022-37443 (GCVE-0-2022-37443)
Vulnerability from cvelistv5 – Published: 2022-08-15 19:50 – Updated: 2022-08-15 19:50
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-08-15T19:50:58",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-37443",
"datePublished": "2022-08-15T19:50:58",
"dateRejected": "2022-08-15T19:50:58",
"dateReserved": "2022-08-05T00:00:00",
"dateUpdated": "2022-08-15T19:50:58",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2022-37442 (GCVE-0-2022-37442)
Vulnerability from cvelistv5 – Published: 2022-08-15 19:50 – Updated: 2022-08-15 19:50
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-08-15T19:50:52",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-37442",
"datePublished": "2022-08-15T19:50:52",
"dateRejected": "2022-08-15T19:50:52",
"dateReserved": "2022-08-05T00:00:00",
"dateUpdated": "2022-08-15T19:50:52",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2022-37441 (GCVE-0-2022-37441)
Vulnerability from cvelistv5 – Published: 2022-08-15 19:50 – Updated: 2022-08-15 19:50
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-08-15T19:50:43",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-37441",
"datePublished": "2022-08-15T19:50:43",
"dateRejected": "2022-08-15T19:50:43",
"dateReserved": "2022-08-05T00:00:00",
"dateUpdated": "2022-08-15T19:50:43",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2022-37440 (GCVE-0-2022-37440)
Vulnerability from cvelistv5 – Published: 2022-08-15 19:50 – Updated: 2022-08-15 19:50
VLAI?
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2022-08-15T19:50:31",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-37440",
"datePublished": "2022-08-15T19:50:31",
"dateRejected": "2022-08-15T19:50:31",
"dateReserved": "2022-08-05T00:00:00",
"dateUpdated": "2022-08-15T19:50:31",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2021-22531 (GCVE-0-2021-22531)
Vulnerability from cvelistv5 – Published: 2022-05-12 18:52 – Updated: 2024-08-03 18:44
VLAI?
Summary
A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0
Severity ?
No CVSS data available.
CWE
- Cross Site Scripting vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | NetIQ Access Manager |
Affected:
4.5, 5.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NetIQ Access Manager",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "4.5, 5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T18:52:38",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"version_value": "4.5, 5.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html",
"refsource": "MISC",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22531",
"datePublished": "2022-05-12T18:52:38",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:14.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26326 (GCVE-0-2022-26326)
Vulnerability from cvelistv5 – Published: 2022-05-02 18:43 – Updated: 2024-08-03 05:03
VLAI?
Summary
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2
Severity ?
4 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.393Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "5.0.2",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T18:43:42",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2022-26326",
"STATE": "PUBLIC",
"TITLE": "Potential open redirection vulnerability in NetIQ Access Manager versions prior to version 5.0.2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
]
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.2"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-26326",
"datePublished": "2022-05-02T18:43:42",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-26325 (GCVE-0-2022-26325)
Vulnerability from cvelistv5 – Published: 2022-05-02 18:41 – Updated: 2024-08-03 05:03
VLAI?
Summary
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2
Severity ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | NetIQ Access Manager |
Affected:
NetIQ Access Manager , < 5.0.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.196Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"All"
],
"product": "NetIQ Access Manager",
"vendor": "Micro Focus",
"versions": [
{
"lessThan": "5.0.2",
"status": "affected",
"version": "NetIQ Access Manager",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-02T18:41:42",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2",
"workarounds": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.2"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2022-26325",
"STATE": "PUBLIC",
"TITLE": "Cross Site Scripting vulnerability in NetIQ Access Manager versions prior to version 5.0.2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NetIQ Access Manager",
"version": {
"version_data": [
{
"platform": "All",
"version_affected": "\u003c",
"version_name": "NetIQ Access Manager",
"version_value": "5.0.2"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h",
"refsource": "CONFIRM",
"url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h"
}
]
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Install / Upgrade NetIQ Access Manager 5.0.2"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2022-26325",
"datePublished": "2022-05-02T18:41:42",
"dateReserved": "2022-02-28T00:00:00",
"dateUpdated": "2024-08-03T05:03:32.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38125 (GCVE-0-2021-38125)
Vulnerability from cvelistv5 – Published: 2022-04-11 19:37 – Updated: 2024-08-04 01:30
VLAI?
Summary
Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution.
Severity ?
No CVSS data available.
CWE
- Unauthenticated remote code execution.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Operations Bridge containerized. |
Affected:
2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000005303?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Operations Bridge containerized.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unauthenticated remote code execution.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-11T19:37:49",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000005303?language=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-38125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operations Bridge containerized.",
"version": {
"version_data": [
{
"version_value": "2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated remote code execution in Micro Focus Operations Bridge containerized, affecting versions 2021.05, 2021.08, and newer versions of Micro Focus Operations Bridge containerized if the deployment was upgraded from 2021.05 or 2021.08. The vulnerability could be exploited to unauthenticated remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthenticated remote code execution."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.microfocus.com/s/article/KM000005303?language=en_US",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000005303?language=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-38125",
"datePublished": "2022-04-11T19:37:49",
"dateReserved": "2021-08-04T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38130 (GCVE-0-2021-38130)
Vulnerability from cvelistv5 – Published: 2022-02-04 22:29 – Updated: 2024-08-04 01:37
VLAI?
Summary
A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack.
Severity ?
No CVSS data available.
CWE
- Information leakage.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Voltage SecureMail Mail Relay. |
Affected:
All version prior to 7.3.0.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:15.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000003667"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Voltage SecureMail Mail Relay.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All version prior to 7.3.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information leakage.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-04T22:29:22",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000003667"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-38130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Voltage SecureMail Mail Relay.",
"version": {
"version_data": [
{
"version_value": "All version prior to 7.3.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information leakage."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.microfocus.com/s/article/KM000003667",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000003667"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-38130",
"datePublished": "2022-02-04T22:29:22",
"dateReserved": "2021-08-04T00:00:00",
"dateUpdated": "2024-08-04T01:37:15.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38129 (GCVE-0-2021-38129)
Vulnerability from cvelistv5 – Published: 2022-01-25 19:11 – Updated: 2024-08-04 01:30
VLAI?
Summary
Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent.
Severity ?
No CVSS data available.
CWE
- Escalation of privileges.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Micro Focus Operations Agent. |
Affected:
Micro Focus Operations Agent Versions 12.x up to and including 12.21
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.084Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000003539?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Micro Focus Operations Agent.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Micro Focus Operations Agent Versions 12.x up to and including 12.21"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of privileges.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-25T19:11:07",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000003539?language=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-38129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Micro Focus Operations Agent.",
"version": {
"version_data": [
{
"version_value": "Micro Focus Operations Agent Versions 12.x up to and including 12.21"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of privileges."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.microfocus.com/s/article/KM000003539?language=en_US",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000003539?language=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-38129",
"datePublished": "2022-01-25T19:11:07",
"dateReserved": "2021-08-04T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.084Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38127 (GCVE-0-2021-38127)
Vulnerability from cvelistv5 – Published: 2022-01-14 19:11 – Updated: 2024-08-04 01:30
VLAI?
Summary
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting (XSS).
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ArcSight Enterprise Security Manager (ESM) |
Affected:
Micro Focus ArcSight ESM 7.4.x and 7.5.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000003453?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Enterprise Security Manager (ESM)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Micro Focus ArcSight ESM 7.4.x and 7.5.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting (XSS).",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-14T19:11:33",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000003453?language=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-38127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Enterprise Security Manager (ESM)",
"version": {
"version_data": [
{
"version_value": "Micro Focus ArcSight ESM 7.4.x and 7.5.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.microfocus.com/s/article/KM000003453?language=en_US",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000003453?language=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-38127",
"datePublished": "2022-01-14T19:11:33",
"dateReserved": "2021-08-04T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38126 (GCVE-0-2021-38126)
Vulnerability from cvelistv5 – Published: 2022-01-14 19:11 – Updated: 2024-08-04 01:30
VLAI?
Summary
Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS).
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting (XSS).
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ArcSight Enterprise Security Manager (ESM) |
Affected:
Micro Focus ArcSight ESM 7.4.x and 7.5.x
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000003453?language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Enterprise Security Manager (ESM)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Micro Focus ArcSight ESM 7.4.x and 7.5.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting (XSS).",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-14T19:11:32",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000003453?language=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-38126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Enterprise Security Manager (ESM)",
"version": {
"version_data": [
{
"version_value": "Micro Focus ArcSight ESM 7.4.x and 7.5.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.microfocus.com/s/article/KM000003453?language=en_US",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000003453?language=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-38126",
"datePublished": "2022-01-14T19:11:32",
"dateReserved": "2021-08-04T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38124 (GCVE-0-2021-38124)
Vulnerability from cvelistv5 – Published: 2021-09-28 13:56 – Updated: 2024-08-04 01:30
VLAI?
Summary
Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution.
Severity ?
No CVSS data available.
CWE
- Remote Code Execution.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | ArcSight Enterprise Security Manager (ESM). |
Affected:
ArcSight ESM versions 7.0.2 through 7.5.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:09.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000001960"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ArcSight Enterprise Security Manager (ESM).",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "ArcSight ESM versions 7.0.2 through 7.5."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-28T13:56:04",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.microfocus.com/s/article/KM000001960"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-38124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Enterprise Security Manager (ESM).",
"version": {
"version_data": [
{
"version_value": "ArcSight ESM versions 7.0.2 through 7.5."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Code Execution vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, affecting versions 7.0.2 through 7.5. The vulnerability could be exploited resulting in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.microfocus.com/s/article/KM000001960",
"refsource": "MISC",
"url": "https://portal.microfocus.com/s/article/KM000001960"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-38124",
"datePublished": "2021-09-28T13:56:04",
"dateReserved": "2021-08-04T00:00:00",
"dateUpdated": "2024-08-04T01:30:09.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22535 (GCVE-0-2021-22535)
Vulnerability from cvelistv5 – Published: 2021-09-28 13:54 – Updated: 2024-08-03 18:44
VLAI?
Summary
Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure.
Severity ?
No CVSS data available.
CWE
- unauthorized information security disclosure.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Directory and Resource Administrator (DRA) |
Affected:
All DRA versions prior to 10.1 Patch 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:14.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025273"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Directory and Resource Administrator (DRA)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All DRA versions prior to 10.1 Patch 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "unauthorized information security disclosure.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-28T13:54:45",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.microfocus.com/kb/doc.php?id=7025273"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2021-22535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Directory and Resource Administrator (DRA)",
"version": {
"version_data": [
{
"version_value": "All DRA versions prior to 10.1 Patch 1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. The vulnerability could lead to unauthorized information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unauthorized information security disclosure."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.microfocus.com/kb/doc.php?id=7025273",
"refsource": "MISC",
"url": "https://support.microfocus.com/kb/doc.php?id=7025273"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2021-22535",
"datePublished": "2021-09-28T13:54:45",
"dateReserved": "2021-01-05T00:00:00",
"dateUpdated": "2024-08-03T18:44:14.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}