Microfocus Security Vulnerabilities (CVEs)
Track 43 security vulnerabilities affecting Microfocus products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
Nov 22, 2024: CVE-2021-38134 is a cross-site scripting (XSS) vulnerability in OpenText iManager's URL for access component. Attackers can inject malicious scripts t...
Nov 22, 2024: CVE-2021-38135 is an External Service Interaction vulnerability in OpenText iManager that allows attackers to force the application to interact with a...
Nov 22, 2024: CVE-2023-24466 is an XML External Entity (XXE) injection vulnerability in OpenText iManager's GET parameter processing. Attackers can exploit this to ...
Nov 22, 2024: CVE-2021-38116 is an elevation of privilege vulnerability in OpenText iManager that allows authenticated users to execute arbitrary commands with high...
Nov 22, 2024: CVE-2021-38118 is an improper input validation vulnerability in OpenText iManager that could allow attackers to manipulate application behavior throug...
Nov 6, 2024: CVE-2020-11859 is an improper input validation vulnerability in OpenText iManager that allows cross-site scripting (XSS) attacks. Attackers can inject...
Oct 16, 2024: This vulnerability allows attackers to perform XML External Entity (XXE) attacks through DTD injection in OpenText Application Automation Tools. Attac...
Oct 16, 2024: This vulnerability allows attackers to perform XML External Entity (XXE) attacks through DTD injection in OpenText Application Automation Tools. Attac...
Oct 2, 2024: This vulnerability allows attackers to abuse incorrect permissions on Vertica agent API keys, potentially gaining unauthorized access or elevated priv...
Sep 12, 2024: CVE-2021-38133 is an external service interaction vulnerability in OpenText eDirectory that allows attackers to force the server to make unauthorized ...
Sep 12, 2024: This CVE describes a Cross-Site Scripting (XSS) vulnerability in OpenText eDirectory 9.2.5.0000 that allows attackers to inject malicious scripts into...
Sep 12, 2024: This is a cross-site scripting (XSS) vulnerability in OpenText eDirectory that allows attackers to inject malicious scripts into web pages. It affects...
Sep 12, 2024: This vulnerability in OpenText eDirectory allows attackers to cause a denial of service via NLDAP requests. It affects eDirectory versions before 9.2....
Aug 28, 2024: CVE-2024-4555 is an improper privilege management vulnerability in OpenText NetIQ Access Manager that allows user account impersonation in specific sc...
Aug 28, 2024: This vulnerability allows attackers to intercept or manipulate communications between NetIQ Advanced Authentication clients and servers by exploiting ...
Aug 28, 2024: CVE-2021-22530 is an authentication bypass vulnerability in NetIQ Advanced Authentication that allows unlimited login attempts without account lockout...
Aug 28, 2024: CVE-2021-22509 is a sensitive data exposure vulnerability in NetIQ Advanced Authentication where stored authentication information can be accessed by ...
Aug 21, 2024: This vulnerability in OpenText Privileged Access Manager allows attackers to gain unrestricted access to all application resources after obtaining a t...
May 28, 2024: This XML External Entity (XXE) injection vulnerability in OpenText iManager 3.2.6.0200 allows attackers to execute remote code by submitting malicious...
May 15, 2024: This CVE describes an unauthenticated file upload vulnerability in OpenText iManager 3.2.6.0200. Attackers can upload arbitrary files without authenti...
May 15, 2024: This vulnerability allows remote attackers to execute arbitrary code on OpenText iManager 3.2.6.0200 systems by exploiting a custom file upload task. ...
May 15, 2024: This path traversal vulnerability in OpenText iManager 3.2.6.0200 allows attackers to access files outside the intended directory. It can lead to priv...
May 15, 2024: This CVE describes an XML External Entity (XXE) injection vulnerability in OpenText iManager 3.2.6.0200. Attackers can exploit this vulnerability to r...
Feb 15, 2024: This CVE describes a local privilege escalation vulnerability in OpenText Operations Agent on non-Windows platforms. An authenticated local user could...
Oct 30, 2023: This CVE describes an open redirect vulnerability in OpenText Service Management Automation X (SMAX) and Asset Management X (AMX) that could allow att...
Sep 12, 2023: This critical authentication bypass vulnerability in OpenText COBOL products allows attackers to log in with any username regardless of password valid...
Jul 20, 2023: This vulnerability in Micro Focus Enterprise Server Common Web Administration (ESCWA) could allow authenticated attackers to expose service account pa...
Jun 13, 2023: CVE-2023-24470 is an XML External Entity (XXE) injection vulnerability in ArcSight Logger versions before 7.3.0. This allows attackers to read arbitra...
Mar 15, 2023: CVE-2023-24468 is a broken access control vulnerability in NetIQ Advanced Authentication that allows attackers to bypass authentication mechanisms. Th...
Apr 11, 2022: Unauthenticated attackers can execute arbitrary code on vulnerable Micro Focus Operations Bridge containerized deployments. This affects versions 2021...
Sep 28, 2021: This vulnerability allows remote attackers to execute arbitrary code on Micro Focus ArcSight ESM systems without authentication. It affects all ArcSig...
Sep 13, 2021: This vulnerability allows attackers to execute malicious JavaScript in users' browsers through NetIQ Access Manager web interfaces. It affects organiz...
Jul 22, 2021: CVE-2021-22522 is a reflected cross-site scripting (XSS) vulnerability in Micro Focus Verastream Host Integrator versions 7.8 Update 1 and earlier. It...
Jun 4, 2021: CVE-2021-22516 is a sensitive information disclosure vulnerability in Micro Focus Secure API Manager (SAPIM) version 2.0.0 where sensitive data like c...
May 28, 2021: CVE-2021-22519 is a critical remote code execution vulnerability in Micro Focus SiteScope monitoring software. Remote attackers can execute arbitrary ...
Apr 28, 2021: A critical remote code execution vulnerability in Micro Focus Application Performance Management allows unauthenticated attackers to execute arbitrary...
Apr 13, 2021: CVE-2021-22505 is a privilege escalation vulnerability in Micro Focus Operations Agent that allows attackers to execute arbitrary code with the privil...
Apr 8, 2021: CVE-2021-22507 is an authentication bypass vulnerability in Micro Focus Operations Bridge Manager that allows remote attackers to gain unauthorized ac...
Feb 12, 2021: CVE-2021-22504 is a critical remote code execution vulnerability in Micro Focus Operations Bridge Manager that allows unauthenticated remote attackers...
Feb 8, 2021: CVE-2021-22502 is an unauthenticated command injection vulnerability in Micro Focus Operation Bridge Reporter (OBR) that allows remote attackers to ex...
Nov 20, 2020: CVE-2020-25839 is a SQL injection vulnerability in NetIQ Identity Manager 4.8 that allows attackers to execute arbitrary SQL commands. This affects al...
Nov 17, 2020: CVE-2020-11851 is a critical remote code execution vulnerability in Micro Focus ArcSight Logger affecting all versions before 7.1.1. Attackers can rem...
Oct 27, 2020: This CVE describes a critical remote code execution vulnerability in Micro Focus Operation Bridge Manager, Operations Bridge (containerized), and Appl...

Why Monitor Microfocus Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 43+ known vulnerabilities affecting Microfocus products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Microfocus packages in under 60 seconds. No agents required - completely agentless scanning that works across Microfocus deployments.
Free vulnerability database: Access detailed information about every Microfocus CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Microfocus CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions