Search criteria
48 vulnerabilities found for service_manager by microfocus
FKIE_CVE-2020-11845
Vulnerability from fkie_nvd - Published: 2020-05-19 15:15 - Updated: 2024-11-21 04:58
Severity ?
Summary
Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | service_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:service_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2372DD-AABE-43DF-8873-59CECFEA88CF",
"versionEndIncluding": "9.63",
"versionStartIncluding": "9.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML."
},
{
"lang": "es",
"value": "Vulnerabilidad de tipo Cross Site Scripting en el producto Micro Focus Service Manager. Afectando las versiones 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. La vulnerabilidad podr\u00eda ser explotada para permitir a atacantes remotos inyectar script web o HTML arbitrario."
}
],
"id": "CVE-2020-11845",
"lastModified": "2024-11-21T04:58:44.680",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-19T15:15:11.340",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03640285"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03640285"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-9518
Vulnerability from fkie_nvd - Published: 2020-03-16 14:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | service_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:service_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F2DA8C-6646-4BBE-B94D-D7B9AE797F97",
"versionEndIncluding": "9.62",
"versionStartIncluding": "9.50",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data."
},
{
"lang": "es",
"value": "Una vulnerabilidad del filtro de inicio de sesi\u00f3n que puede acceder los archivos de configuraci\u00f3n en Micro Focus Service Manager (Web Tier), afectando a las versiones 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. La vulnerabilidad podr\u00eda ser explotada para permitir acceso no autorizado a los datos de configuraci\u00f3n."
}
],
"id": "CVE-2020-9518",
"lastModified": "2024-11-21T05:40:47.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-16T14:15:14.727",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-9519
Vulnerability from fkie_nvd - Published: 2020-03-16 13:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | service_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:service_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF018AC-5A5A-4E77-A60B-C36D368C68F1",
"versionEndIncluding": "9.63",
"versionStartIncluding": "9.40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data."
},
{
"lang": "es",
"value": "Una vulnerabilidad de m\u00e9todos HTTP revelados en los servicios Web en el administrador de Micro Focus Service (server), afectando a las versiones 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. La vulnerabilidad podr\u00eda ser explotada para permitir una exposici\u00f3n de datos de configuraci\u00f3n."
}
],
"id": "CVE-2020-9519",
"lastModified": "2024-11-21T05:40:47.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-16T13:15:11.447",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-9517
Vulnerability from fkie_nvd - Published: 2020-03-09 16:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | service_manager | 9.50 | |
| microfocus | service_manager | 9.60 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:service_manager:9.50:*:*:*:*:*:*:*",
"matchCriteriaId": "06C07728-DD28-4DA1-8BB4-0C8580F341A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:service_manager:9.60:-:*:*:*:*:*:*",
"matchCriteriaId": "1349F491-4255-487B-8C68-D29623650343",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks."
},
{
"lang": "es",
"value": "Se presenta una restricci\u00f3n inapropiada de las capas de la Interfaz de Usuario renderizadas o una vulnerabilidad de marcos en Micro Focus Service Manager Release Control versiones 9.50 y 9.60. La vulnerabilidad puede resultar en la capacidad de usuarios maliciosos para realizar ataques de reparaci\u00f3n de la Interfaz de Usuario."
}
],
"id": "CVE-2020-9517",
"lastModified": "2024-11-21T05:40:47.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-09T16:15:16.077",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11664
Vulnerability from fkie_nvd - Published: 2019-09-18 22:15 - Updated: 2024-11-21 04:21
Severity ?
Summary
Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | service_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:service_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ADB19C2-B503-4BC5-A54D-D3F7E7B1E975",
"versionEndIncluding": "9.62",
"versionStartIncluding": "9.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
},
{
"lang": "es",
"value": "La contrase\u00f1a en texto sin cifrar en el navegador en Micro Focus Service Manager versiones de producto 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. La vulnerabilidad podr\u00eda explotarse para permitir la exposici\u00f3n de datos confidenciales."
}
],
"id": "CVE-2019-11664",
"lastModified": "2024-11-21T04:21:33.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T22:15:11.107",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
},
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11663
Vulnerability from fkie_nvd - Published: 2019-09-18 22:15 - Updated: 2024-11-21 04:21
Severity ?
Summary
Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | service_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:service_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ADB19C2-B503-4BC5-A54D-D3F7E7B1E975",
"versionEndIncluding": "9.62",
"versionStartIncluding": "9.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
},
{
"lang": "es",
"value": "Las credenciales en texto sin cifrar son usadas para acceder a la aplicaci\u00f3n de administradores en Tomcat en Micro Focus Service Manager versiones de producto 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. La vulnerabilidad podr\u00eda explotarse para permitir la exposici\u00f3n de datos confidenciales."
}
],
"id": "CVE-2019-11663",
"lastModified": "2024-11-21T04:21:33.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T22:15:11.027",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-311"
},
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11661
Vulnerability from fkie_nvd - Published: 2019-09-18 22:15 - Updated: 2024-11-21 04:21
Severity ?
Summary
Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | service_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:service_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ADB19C2-B503-4BC5-A54D-D3F7E7B1E975",
"versionEndIncluding": "9.62",
"versionStartIncluding": "9.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data."
},
{
"lang": "es",
"value": "Permitir cambios en alguna tabla por parte de usuarios no Administradores de Sistema (SysAdmin) en Micro Focus Service Manager versiones de producto 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Esta vulnerabilidad podr\u00eda ser explotada para permitir el acceso no autorizado y la modificaci\u00f3n de datos."
}
],
"id": "CVE-2019-11661",
"lastModified": "2024-11-21T04:21:33.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T22:15:10.840",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11662
Vulnerability from fkie_nvd - Published: 2019-09-18 22:15 - Updated: 2024-11-21 04:21
Severity ?
Summary
Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | service_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:service_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ADB19C2-B503-4BC5-A54D-D3F7E7B1E975",
"versionEndIncluding": "9.62",
"versionStartIncluding": "9.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message."
},
{
"lang": "es",
"value": "Los nombres de clase y m\u00e9todo en un mensaje de error en Micro Focus Service Manager versiones de producto 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. Esta vulnerabilidad podr\u00eda ser explotada en algunos casos especiales para permitir la exposici\u00f3n de informaci\u00f3n por medio de un mensaje de error."
}
],
"id": "CVE-2019-11662",
"lastModified": "2024-11-21T04:21:33.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T22:15:10.903",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11665
Vulnerability from fkie_nvd - Published: 2019-09-17 20:15 - Updated: 2024-11-21 04:21
Severity ?
Summary
Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | service_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:service_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ADB19C2-B503-4BC5-A54D-D3F7E7B1E975",
"versionEndIncluding": "9.62",
"versionStartIncluding": "9.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
},
{
"lang": "es",
"value": "Una exposici\u00f3n de datos en Micro Focus Service Manager versiones de producto 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. La vulnerabilidad podr\u00eda ser explotada para permitir la exposici\u00f3n de datos confidenciales."
}
],
"id": "CVE-2019-11665",
"lastModified": "2024-11-21T04:21:33.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-17T20:15:11.093",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11666
Vulnerability from fkie_nvd - Published: 2019-09-17 19:15 - Updated: 2024-11-21 04:21
Severity ?
Summary
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microfocus | service_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:service_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2ADB19C2-B503-4BC5-A54D-D3F7E7B1E975",
"versionEndIncluding": "9.62",
"versionStartIncluding": "9.30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data."
},
{
"lang": "es",
"value": "Deserializaci\u00f3n no segura de datos no confiables en el producto Micro Focus Service Manager en las versiones 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. La vulnerabilidad podr\u00eda ser explotada para permitir la deserializaci\u00f3n no segura de datos no confiables."
}
],
"id": "CVE-2019-11666",
"lastModified": "2024-11-21T04:21:33.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-17T19:15:10.697",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-11845 (GCVE-0-2020-11845)
Vulnerability from cvelistv5 – Published: 2020-05-19 14:05 – Updated: 2024-08-04 11:41
VLAI?
Summary
Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML.
Severity ?
No CVSS data available.
CWE
- Cross Site Scripting.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Service Manager. |
Affected:
9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:41:59.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03640285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:39",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03640285"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager.",
"version": {
"version_data": [
{
"version_value": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03640285",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03640285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11845",
"datePublished": "2020-05-19T14:05:21",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:41:59.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9518 (GCVE-0-2020-9518)
Vulnerability from cvelistv5 – Published: 2020-03-16 13:01 – Updated: 2024-08-04 10:34
VLAI?
Summary
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.
Severity ?
No CVSS data available.
CWE
- Login filter can access configuration files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus International | Service Manager (Web Tier). |
Affected:
9.50, 9.51, 9.52, 9.60, 9.61, 9.62
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:39.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager (Web Tier).",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Login filter can access configuration files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T13:01:28",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager (Web Tier).",
"version": {
"version_data": [
{
"version_value": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Login filter can access configuration files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03607792",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9518",
"datePublished": "2020-03-16T13:01:28",
"dateReserved": "2020-03-01T00:00:00",
"dateUpdated": "2024-08-04T10:34:39.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9519 (GCVE-0-2020-9519)
Vulnerability from cvelistv5 – Published: 2020-03-16 13:00 – Updated: 2024-08-04 10:34
VLAI?
Summary
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.
Severity ?
No CVSS data available.
CWE
- HTTP methods reveled in Web services.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus International | Service Manager (Server). |
Affected:
9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager (Server).",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP methods reveled in Web services.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T13:00:11",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager (Server).",
"version": {
"version_data": [
{
"version_value": "9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP methods reveled in Web services."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03607789",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9519",
"datePublished": "2020-03-16T13:00:11",
"dateReserved": "2020-03-01T00:00:00",
"dateUpdated": "2024-08-04T10:34:38.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9517 (GCVE-0-2020-9517)
Vulnerability from cvelistv5 – Published: 2020-03-09 15:54 – Updated: 2024-08-04 10:34
VLAI?
Summary
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.
Severity ?
No CVSS data available.
CWE
- Improper restriction of rendered UI layers or frames
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus International | Service Manager |
Affected:
9.50, 9.60
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "9.50, 9.60"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:03",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.50, 9.60"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper restriction of rendered UI layers or frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03604692",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9517",
"datePublished": "2020-03-09T15:54:33",
"dateReserved": "2020-03-01T00:00:00",
"dateUpdated": "2024-08-04T10:34:38.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11662 (GCVE-0-2019-11662)
Vulnerability from cvelistv5 – Published: 2019-09-18 21:55 – Updated: 2024-08-04 23:03
VLAI?
Summary
Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message.
Severity ?
No CVSS data available.
CWE
- Class and method names in error message.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Service Manager |
Affected:
9.30
Affected: 9.31 Affected: 9.32 Affected: 9.33 Affected: 9.34 Affected: 9.35 Affected: 9.40 Affected: 9.41 Affected: 9.50 Affected: 9.51 Affected: 9.52 Affected: 9.60 Affected: 9.61 Affected: 9.62 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.30"
},
{
"status": "affected",
"version": "9.31"
},
{
"status": "affected",
"version": "9.32"
},
{
"status": "affected",
"version": "9.33"
},
{
"status": "affected",
"version": "9.34"
},
{
"status": "affected",
"version": "9.35"
},
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.41"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.52"
},
{
"status": "affected",
"version": "9.60"
},
{
"status": "affected",
"version": "9.61"
},
{
"status": "affected",
"version": "9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Class and method names in error message.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:40",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.30"
},
{
"version_value": "9.31"
},
{
"version_value": "9.32"
},
{
"version_value": "9.33"
},
{
"version_value": "9.34"
},
{
"version_value": "9.35"
},
{
"version_value": "9.40"
},
{
"version_value": "9.41"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
},
{
"version_value": "9.52"
},
{
"version_value": "9.60"
},
{
"version_value": "9.61"
},
{
"version_value": "9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Class and method names in error message."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03518316",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11662",
"datePublished": "2019-09-18T21:55:49",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:32.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11661 (GCVE-0-2019-11661)
Vulnerability from cvelistv5 – Published: 2019-09-18 21:50 – Updated: 2024-08-04 23:03
VLAI?
Summary
Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.
Severity ?
No CVSS data available.
CWE
- Allow changes to some table by non-SysAdmin
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Service Manager |
Affected:
9.30
Affected: 9.31 Affected: 9.32 Affected: 9.33 Affected: 9.34 Affected: 9.35 Affected: 9.40 Affected: 9.41 Affected: 9.50 Affected: 9.51 Affected: 9.52 Affected: 9.60 Affected: 9.61 Affected: 9.62 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.30"
},
{
"status": "affected",
"version": "9.31"
},
{
"status": "affected",
"version": "9.32"
},
{
"status": "affected",
"version": "9.33"
},
{
"status": "affected",
"version": "9.34"
},
{
"status": "affected",
"version": "9.35"
},
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.41"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.52"
},
{
"status": "affected",
"version": "9.60"
},
{
"status": "affected",
"version": "9.61"
},
{
"status": "affected",
"version": "9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allow changes to some table by non-SysAdmin",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:37",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.30"
},
{
"version_value": "9.31"
},
{
"version_value": "9.32"
},
{
"version_value": "9.33"
},
{
"version_value": "9.34"
},
{
"version_value": "9.35"
},
{
"version_value": "9.40"
},
{
"version_value": "9.41"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
},
{
"version_value": "9.52"
},
{
"version_value": "9.60"
},
{
"version_value": "9.61"
},
{
"version_value": "9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allow changes to some table by non-SysAdmin"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03518316",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11661",
"datePublished": "2019-09-18T21:50:05",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:31.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11664 (GCVE-0-2019-11664)
Vulnerability from cvelistv5 – Published: 2019-09-18 21:35 – Updated: 2024-08-04 23:03
VLAI?
Summary
Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
Severity ?
No CVSS data available.
CWE
- Clear text password in browser
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Service Manager |
Affected:
9.30
Affected: 9.31 Affected: 9.32 Affected: 9.33 Affected: 9.34 Affected: 9.35 Affected: 9.40 Affected: 9.41 Affected: 9.50 Affected: 9.51 Affected: 9.52 Affected: 9.60 Affected: 9.61 Affected: 9.62 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.30"
},
{
"status": "affected",
"version": "9.31"
},
{
"status": "affected",
"version": "9.32"
},
{
"status": "affected",
"version": "9.33"
},
{
"status": "affected",
"version": "9.34"
},
{
"status": "affected",
"version": "9.35"
},
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.41"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.52"
},
{
"status": "affected",
"version": "9.60"
},
{
"status": "affected",
"version": "9.61"
},
{
"status": "affected",
"version": "9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Clear text password in browser",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:49",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.30"
},
{
"version_value": "9.31"
},
{
"version_value": "9.32"
},
{
"version_value": "9.33"
},
{
"version_value": "9.34"
},
{
"version_value": "9.35"
},
{
"version_value": "9.40"
},
{
"version_value": "9.41"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
},
{
"version_value": "9.52"
},
{
"version_value": "9.60"
},
{
"version_value": "9.61"
},
{
"version_value": "9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Clear text password in browser"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03518316",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11664",
"datePublished": "2019-09-18T21:35:55",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:32.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11663 (GCVE-0-2019-11663)
Vulnerability from cvelistv5 – Published: 2019-09-18 21:29 – Updated: 2024-08-04 23:03
VLAI?
Summary
Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
Severity ?
No CVSS data available.
CWE
- Clear text credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Service Manager |
Affected:
9.30
Affected: 9.31 Affected: 9.32 Affected: 9.33 Affected: 9.34 Affected: 9.35 Affected: 9.40 Affected: 9.41 Affected: 9.50 Affected: 9.51 Affected: 9.52 Affected: 9.60 Affected: 9.61 Affected: 9.62 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.30"
},
{
"status": "affected",
"version": "9.31"
},
{
"status": "affected",
"version": "9.32"
},
{
"status": "affected",
"version": "9.33"
},
{
"status": "affected",
"version": "9.34"
},
{
"status": "affected",
"version": "9.35"
},
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.41"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.52"
},
{
"status": "affected",
"version": "9.60"
},
{
"status": "affected",
"version": "9.61"
},
{
"status": "affected",
"version": "9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Clear text credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:08",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.30"
},
{
"version_value": "9.31"
},
{
"version_value": "9.32"
},
{
"version_value": "9.33"
},
{
"version_value": "9.34"
},
{
"version_value": "9.35"
},
{
"version_value": "9.40"
},
{
"version_value": "9.41"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
},
{
"version_value": "9.52"
},
{
"version_value": "9.60"
},
{
"version_value": "9.61"
},
{
"version_value": "9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Clear text credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03518316",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11663",
"datePublished": "2019-09-18T21:29:59",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:31.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11665 (GCVE-0-2019-11665)
Vulnerability from cvelistv5 – Published: 2019-09-17 19:01 – Updated: 2024-08-04 23:03
VLAI?
Summary
Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
Severity ?
No CVSS data available.
CWE
- Data exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Service Manager |
Affected:
9.30
Affected: 9.31 Affected: 9.32 Affected: 9.33 Affected: 9.34 Affected: 9.35 Affected: 9.40 Affected: 9.41 Affected: 9.50 Affected: 9.51 Affected: 9.52 Affected: 9.60 Affected: 9.61 Affected: 9.62 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.30"
},
{
"status": "affected",
"version": "9.31"
},
{
"status": "affected",
"version": "9.32"
},
{
"status": "affected",
"version": "9.33"
},
{
"status": "affected",
"version": "9.34"
},
{
"status": "affected",
"version": "9.35"
},
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.41"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.52"
},
{
"status": "affected",
"version": "9.60"
},
{
"status": "affected",
"version": "9.61"
},
{
"status": "affected",
"version": "9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:50",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.30"
},
{
"version_value": "9.31"
},
{
"version_value": "9.32"
},
{
"version_value": "9.33"
},
{
"version_value": "9.34"
},
{
"version_value": "9.35"
},
{
"version_value": "9.40"
},
{
"version_value": "9.41"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
},
{
"version_value": "9.52"
},
{
"version_value": "9.60"
},
{
"version_value": "9.61"
},
{
"version_value": "9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03518316",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11665",
"datePublished": "2019-09-17T19:01:27",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:32.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11666 (GCVE-0-2019-11666)
Vulnerability from cvelistv5 – Published: 2019-09-17 18:52 – Updated: 2024-08-04 23:03
VLAI?
Summary
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.
Severity ?
No CVSS data available.
CWE
- Insecure deserialization of untrusted data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Service Manager |
Affected:
9.30
Affected: 9.31 Affected: 9.32 Affected: 9.33 Affected: 9.34 Affected: 9.35 Affected: 9.40 Affected: 9.41 Affected: 9.50 Affected: 9.51 Affected: 9.52 Affected: 9.60 Affected: 9.61 Affected: 9.62 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.30"
},
{
"status": "affected",
"version": "9.31"
},
{
"status": "affected",
"version": "9.32"
},
{
"status": "affected",
"version": "9.33"
},
{
"status": "affected",
"version": "9.34"
},
{
"status": "affected",
"version": "9.35"
},
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.41"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.52"
},
{
"status": "affected",
"version": "9.60"
},
{
"status": "affected",
"version": "9.61"
},
{
"status": "affected",
"version": "9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure deserialization of untrusted data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:43",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.30"
},
{
"version_value": "9.31"
},
{
"version_value": "9.32"
},
{
"version_value": "9.33"
},
{
"version_value": "9.34"
},
{
"version_value": "9.35"
},
{
"version_value": "9.40"
},
{
"version_value": "9.41"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
},
{
"version_value": "9.52"
},
{
"version_value": "9.60"
},
{
"version_value": "9.61"
},
{
"version_value": "9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure deserialization of untrusted data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03518316",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11666",
"datePublished": "2019-09-17T18:52:03",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:31.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11845 (GCVE-0-2020-11845)
Vulnerability from nvd – Published: 2020-05-19 14:05 – Updated: 2024-08-04 11:41
VLAI?
Summary
Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML.
Severity ?
No CVSS data available.
CWE
- Cross Site Scripting.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Service Manager. |
Affected:
9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63.
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:41:59.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03640285"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:39",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03640285"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-11845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager.",
"version": {
"version_data": [
{
"version_value": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03640285",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03640285"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-11845",
"datePublished": "2020-05-19T14:05:21",
"dateReserved": "2020-04-16T00:00:00",
"dateUpdated": "2024-08-04T11:41:59.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9518 (GCVE-0-2020-9518)
Vulnerability from nvd – Published: 2020-03-16 13:01 – Updated: 2024-08-04 10:34
VLAI?
Summary
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.
Severity ?
No CVSS data available.
CWE
- Login filter can access configuration files
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus International | Service Manager (Web Tier). |
Affected:
9.50, 9.51, 9.52, 9.60, 9.61, 9.62
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:39.574Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager (Web Tier).",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Login filter can access configuration files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T13:01:28",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager (Web Tier).",
"version": {
"version_data": [
{
"version_value": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Login filter can access configuration files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03607792",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9518",
"datePublished": "2020-03-16T13:01:28",
"dateReserved": "2020-03-01T00:00:00",
"dateUpdated": "2024-08-04T10:34:39.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9519 (GCVE-0-2020-9519)
Vulnerability from nvd – Published: 2020-03-16 13:00 – Updated: 2024-08-04 10:34
VLAI?
Summary
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.
Severity ?
No CVSS data available.
CWE
- HTTP methods reveled in Web services.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus International | Service Manager (Server). |
Affected:
9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager (Server).",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP methods reveled in Web services.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T13:00:11",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager (Server).",
"version": {
"version_data": [
{
"version_value": "9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP methods reveled in Web services."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03607789",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03607789"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9519",
"datePublished": "2020-03-16T13:00:11",
"dateReserved": "2020-03-01T00:00:00",
"dateUpdated": "2024-08-04T10:34:38.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9517 (GCVE-0-2020-9517)
Vulnerability from nvd – Published: 2020-03-09 15:54 – Updated: 2024-08-04 10:34
VLAI?
Summary
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.
Severity ?
No CVSS data available.
CWE
- Improper restriction of rendered UI layers or frames
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus International | Service Manager |
Affected:
9.50, 9.60
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus International",
"versions": [
{
"status": "affected",
"version": "9.50, 9.60"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper restriction of rendered UI layers or frames",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:03",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.50, 9.60"
}
]
}
}
]
},
"vendor_name": "Micro Focus International"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper restriction of rendered UI layers or frames"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03604692",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03604692"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9517",
"datePublished": "2020-03-09T15:54:33",
"dateReserved": "2020-03-01T00:00:00",
"dateUpdated": "2024-08-04T10:34:38.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11662 (GCVE-0-2019-11662)
Vulnerability from nvd – Published: 2019-09-18 21:55 – Updated: 2024-08-04 23:03
VLAI?
Summary
Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message.
Severity ?
No CVSS data available.
CWE
- Class and method names in error message.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Service Manager |
Affected:
9.30
Affected: 9.31 Affected: 9.32 Affected: 9.33 Affected: 9.34 Affected: 9.35 Affected: 9.40 Affected: 9.41 Affected: 9.50 Affected: 9.51 Affected: 9.52 Affected: 9.60 Affected: 9.61 Affected: 9.62 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.30"
},
{
"status": "affected",
"version": "9.31"
},
{
"status": "affected",
"version": "9.32"
},
{
"status": "affected",
"version": "9.33"
},
{
"status": "affected",
"version": "9.34"
},
{
"status": "affected",
"version": "9.35"
},
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.41"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.52"
},
{
"status": "affected",
"version": "9.60"
},
{
"status": "affected",
"version": "9.61"
},
{
"status": "affected",
"version": "9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Class and method names in error message.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:40",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.30"
},
{
"version_value": "9.31"
},
{
"version_value": "9.32"
},
{
"version_value": "9.33"
},
{
"version_value": "9.34"
},
{
"version_value": "9.35"
},
{
"version_value": "9.40"
},
{
"version_value": "9.41"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
},
{
"version_value": "9.52"
},
{
"version_value": "9.60"
},
{
"version_value": "9.61"
},
{
"version_value": "9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Class and method names in error message."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03518316",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11662",
"datePublished": "2019-09-18T21:55:49",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:32.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11661 (GCVE-0-2019-11661)
Vulnerability from nvd – Published: 2019-09-18 21:50 – Updated: 2024-08-04 23:03
VLAI?
Summary
Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.
Severity ?
No CVSS data available.
CWE
- Allow changes to some table by non-SysAdmin
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Service Manager |
Affected:
9.30
Affected: 9.31 Affected: 9.32 Affected: 9.33 Affected: 9.34 Affected: 9.35 Affected: 9.40 Affected: 9.41 Affected: 9.50 Affected: 9.51 Affected: 9.52 Affected: 9.60 Affected: 9.61 Affected: 9.62 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.474Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.30"
},
{
"status": "affected",
"version": "9.31"
},
{
"status": "affected",
"version": "9.32"
},
{
"status": "affected",
"version": "9.33"
},
{
"status": "affected",
"version": "9.34"
},
{
"status": "affected",
"version": "9.35"
},
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.41"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.52"
},
{
"status": "affected",
"version": "9.60"
},
{
"status": "affected",
"version": "9.61"
},
{
"status": "affected",
"version": "9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Allow changes to some table by non-SysAdmin",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:37",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.30"
},
{
"version_value": "9.31"
},
{
"version_value": "9.32"
},
{
"version_value": "9.33"
},
{
"version_value": "9.34"
},
{
"version_value": "9.35"
},
{
"version_value": "9.40"
},
{
"version_value": "9.41"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
},
{
"version_value": "9.52"
},
{
"version_value": "9.60"
},
{
"version_value": "9.61"
},
{
"version_value": "9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Allow changes to some table by non-SysAdmin"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03518316",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11661",
"datePublished": "2019-09-18T21:50:05",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:31.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11664 (GCVE-0-2019-11664)
Vulnerability from nvd – Published: 2019-09-18 21:35 – Updated: 2024-08-04 23:03
VLAI?
Summary
Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
Severity ?
No CVSS data available.
CWE
- Clear text password in browser
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Service Manager |
Affected:
9.30
Affected: 9.31 Affected: 9.32 Affected: 9.33 Affected: 9.34 Affected: 9.35 Affected: 9.40 Affected: 9.41 Affected: 9.50 Affected: 9.51 Affected: 9.52 Affected: 9.60 Affected: 9.61 Affected: 9.62 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.30"
},
{
"status": "affected",
"version": "9.31"
},
{
"status": "affected",
"version": "9.32"
},
{
"status": "affected",
"version": "9.33"
},
{
"status": "affected",
"version": "9.34"
},
{
"status": "affected",
"version": "9.35"
},
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.41"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.52"
},
{
"status": "affected",
"version": "9.60"
},
{
"status": "affected",
"version": "9.61"
},
{
"status": "affected",
"version": "9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Clear text password in browser",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:49",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.30"
},
{
"version_value": "9.31"
},
{
"version_value": "9.32"
},
{
"version_value": "9.33"
},
{
"version_value": "9.34"
},
{
"version_value": "9.35"
},
{
"version_value": "9.40"
},
{
"version_value": "9.41"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
},
{
"version_value": "9.52"
},
{
"version_value": "9.60"
},
{
"version_value": "9.61"
},
{
"version_value": "9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Clear text password in browser"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03518316",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11664",
"datePublished": "2019-09-18T21:35:55",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:32.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11663 (GCVE-0-2019-11663)
Vulnerability from nvd – Published: 2019-09-18 21:29 – Updated: 2024-08-04 23:03
VLAI?
Summary
Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
Severity ?
No CVSS data available.
CWE
- Clear text credentials
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Service Manager |
Affected:
9.30
Affected: 9.31 Affected: 9.32 Affected: 9.33 Affected: 9.34 Affected: 9.35 Affected: 9.40 Affected: 9.41 Affected: 9.50 Affected: 9.51 Affected: 9.52 Affected: 9.60 Affected: 9.61 Affected: 9.62 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.30"
},
{
"status": "affected",
"version": "9.31"
},
{
"status": "affected",
"version": "9.32"
},
{
"status": "affected",
"version": "9.33"
},
{
"status": "affected",
"version": "9.34"
},
{
"status": "affected",
"version": "9.35"
},
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.41"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.52"
},
{
"status": "affected",
"version": "9.60"
},
{
"status": "affected",
"version": "9.61"
},
{
"status": "affected",
"version": "9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Clear text credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:16:08",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.30"
},
{
"version_value": "9.31"
},
{
"version_value": "9.32"
},
{
"version_value": "9.33"
},
{
"version_value": "9.34"
},
{
"version_value": "9.35"
},
{
"version_value": "9.40"
},
{
"version_value": "9.41"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
},
{
"version_value": "9.52"
},
{
"version_value": "9.60"
},
{
"version_value": "9.61"
},
{
"version_value": "9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Clear text credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03518316",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11663",
"datePublished": "2019-09-18T21:29:59",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:31.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11665 (GCVE-0-2019-11665)
Vulnerability from nvd – Published: 2019-09-17 19:01 – Updated: 2024-08-04 23:03
VLAI?
Summary
Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
Severity ?
No CVSS data available.
CWE
- Data exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Service Manager |
Affected:
9.30
Affected: 9.31 Affected: 9.32 Affected: 9.33 Affected: 9.34 Affected: 9.35 Affected: 9.40 Affected: 9.41 Affected: 9.50 Affected: 9.51 Affected: 9.52 Affected: 9.60 Affected: 9.61 Affected: 9.62 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.30"
},
{
"status": "affected",
"version": "9.31"
},
{
"status": "affected",
"version": "9.32"
},
{
"status": "affected",
"version": "9.33"
},
{
"status": "affected",
"version": "9.34"
},
{
"status": "affected",
"version": "9.35"
},
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.41"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.52"
},
{
"status": "affected",
"version": "9.60"
},
{
"status": "affected",
"version": "9.61"
},
{
"status": "affected",
"version": "9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:50",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.30"
},
{
"version_value": "9.31"
},
{
"version_value": "9.32"
},
{
"version_value": "9.33"
},
{
"version_value": "9.34"
},
{
"version_value": "9.35"
},
{
"version_value": "9.40"
},
{
"version_value": "9.41"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
},
{
"version_value": "9.52"
},
{
"version_value": "9.60"
},
{
"version_value": "9.61"
},
{
"version_value": "9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03518316",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11665",
"datePublished": "2019-09-17T19:01:27",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:32.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11666 (GCVE-0-2019-11666)
Vulnerability from nvd – Published: 2019-09-17 18:52 – Updated: 2024-08-04 23:03
VLAI?
Summary
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.
Severity ?
No CVSS data available.
CWE
- Insecure deserialization of untrusted data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Micro Focus | Service Manager |
Affected:
9.30
Affected: 9.31 Affected: 9.32 Affected: 9.33 Affected: 9.34 Affected: 9.35 Affected: 9.40 Affected: 9.41 Affected: 9.50 Affected: 9.51 Affected: 9.52 Affected: 9.60 Affected: 9.61 Affected: 9.62 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:31.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Service Manager",
"vendor": "Micro Focus",
"versions": [
{
"status": "affected",
"version": "9.30"
},
{
"status": "affected",
"version": "9.31"
},
{
"status": "affected",
"version": "9.32"
},
{
"status": "affected",
"version": "9.33"
},
{
"status": "affected",
"version": "9.34"
},
{
"status": "affected",
"version": "9.35"
},
{
"status": "affected",
"version": "9.40"
},
{
"status": "affected",
"version": "9.41"
},
{
"status": "affected",
"version": "9.50"
},
{
"status": "affected",
"version": "9.51"
},
{
"status": "affected",
"version": "9.52"
},
{
"status": "affected",
"version": "9.60"
},
{
"status": "affected",
"version": "9.61"
},
{
"status": "affected",
"version": "9.62"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure deserialization of untrusted data.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:43",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2019-11666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Service Manager",
"version": {
"version_data": [
{
"version_value": "9.30"
},
{
"version_value": "9.31"
},
{
"version_value": "9.32"
},
{
"version_value": "9.33"
},
{
"version_value": "9.34"
},
{
"version_value": "9.35"
},
{
"version_value": "9.40"
},
{
"version_value": "9.41"
},
{
"version_value": "9.50"
},
{
"version_value": "9.51"
},
{
"version_value": "9.52"
},
{
"version_value": "9.60"
},
{
"version_value": "9.61"
},
{
"version_value": "9.62"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure deserialization of untrusted data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03518316",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03518316"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2019-11666",
"datePublished": "2019-09-17T18:52:03",
"dateReserved": "2019-05-01T00:00:00",
"dateUpdated": "2024-08-04T23:03:31.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}