Micro Focus Email

Send E-mail

 

   Micro Focus Enterprise Software Vulnerability Alerts

 

Micro Focus incorporates IT industry best practices during the product development lifecycle to ensure a strong focus on security. Micro Focus engineering and manufacturing practices are designed to meet product security requirements, protect Micro Focus intellectual property, and support Micro Focus product warranty requirements.

When a new industry-wide security vulnerability is released, Micro Focus investigates its product line to determine the impact. For impacted products, Security Bulletins will be published. These bulletins will contain impacted product versions and the resolution (patch, upgrade, or configuration change).

You may subscribe to receive real-time notifications on future Micro Focus Security Bulletins and advisories for your products - Subscribe to alerts for your products.

Recent Documents

1. KM03806649 - Application Performance Management (APM). Arbitrary code execution Vulnerability CVE-2021-22514 KM03806649
 
a vulnerability has been identified for micro focus application performance management (apm). the vulnerability could allow remote attackers to execute arbitrary code on affected installations of apm. a vulnerability has been identified for micro focus application performance management (apm). the vulnerability could allow remote attackers to execute arbitrary code on affected installations of apm.
application performance management (bac) 9.40 9.50 9.51 ; security bulletins any;
security bulletins
Created:Thu Apr 22 00:00:00 GMT 2021
public
Modified:Thu Apr 22 00:00:00 GMT 2021
published
2. KM03797575 - Cloud Optimizer. Escalation of privileges vulnerability CVE-2021-22505. KM03797575
 
a potential vulnerability has been identified in micro focus cloud optimizer. the vulnerability could be exploited to escalate privileges and execute code under the account of cloud optimizer user. a potential vulnerability has been identified in micro focus cloud optimizer. the vulnerability could be exploited to escalate privileges and execute code under the account of cloud optimizer user.
cloud optimizer 3.00 3.01 3.02 3.03 3.04 ; security bulletins any;
security bulletins
Created:Thu Apr 08 00:00:00 GMT 2021
public
Modified:Thu Apr 08 00:00:00 GMT 2021
published
3. KM03797576 - Hybrid Cloud Management (HCM). Escalation of privileges vulnerability CVE-2021-22505. KM03797576
 
a potential vulnerability has been identified in micro focus hybrid cloud management (hcm) software. the vulnerability could be exploited to escalate privileges and execute code under the users configured to access both hcm consumer portal and cloud optimizer portal. a potential vulnerability has been identified in micro focus hybrid cloud management (hcm) software. the vulnerability could be exploited to escalate privileges and execute code under the users configured to access both hcm consumer portal and cloud optimizer portal.
hybrid cloud management all ; security bulletins any;
security bulletins
Created:Thu Apr 08 00:00:00 GMT 2021
public
Modified:Thu Apr 08 00:00:00 GMT 2021
published
4. KM03795225 - Operations Bridge (containerized). Escalation of privileges vulnerability, CVE-2021-22505 KM03795225
 
a potential vulnerability has been identified in micro focus operations bridge (containerized). the vulnerability could be exploited to escalate privileges and execute code under the account of the operations agent. please note that this vulnerability is only applicable if the operations bridge manager capability is deployed. a potential vulnerability has been identified in micro focus operations bridge (containerized). the vulnerability could be exploited to escalate privileges and execute code under the account of the operations agent. please note that this vulnerability is only applicable if the operations bridge manager capability is deployed.
operations bridge containerized 2018.05 2018.11 2019.05 2019.08 2019.11 2020.10 ; security bulletins any;
security bulletins
Created:Wed Apr 07 00:00:00 GMT 2021
public
Modified:Thu Apr 08 00:00:00 GMT 2021
published
5. KM03793283 - Operations Bridge Manager. Authentication bypass vulnerability CVE-2021-22507. KM03793283
 
a potential vulnerability has been identified for micro focus operations bridge manager. the vulnerability could allow remote attackers to bypass user authentication and get unauthorized access to parts of the cmdb application. a potential vulnerability has been identified for micro focus operations bridge manager. the vulnerability could allow remote attackers to bypass user authentication and get unauthorized access to parts of the cmdb application.
operations bridge manager 2019.05 2019.11 2020.05 2020.10 ; security bulletins any;
security bulletins
Created:Thu Apr 01 00:00:00 GMT 2021
public
Modified:Fri Apr 02 00:00:00 GMT 2021
published
6. KM03793285 - Hybrid Cloud Management. Authentication bypass vulnerability CVE-2021-22507. KM03793285
 
a potential vulnerability has been identified for micro focus hybrid cloud management. the vulnerability could allow remote attackers to bypass user authentication and get unauthorized access to parts of the cmdb application. a potential vulnerability has been identified for micro focus hybrid cloud management. the vulnerability could allow remote attackers to bypass user authentication and get unauthorized access to parts of the cmdb application.
hybrid cloud management containerized 2019.05 2019.08 2019.11 2020.05 ; security bulletins any;
security bulletins
Created:Thu Apr 01 00:00:00 GMT 2021
public
Modified:Fri Apr 02 00:00:00 GMT 2021
published
7. KM03793284 - Universal CMDB Foundation. Authentication bypass CVE 2021-22507. KM03793284
 
a potential vulnerability has been identified for micro focus universal cmdb foundation. the vulnerability could allow remote attackers to bypass user authentication and get unauthorized access to parts of the cmdb application. a potential vulnerability has been identified for micro focus universal cmdb foundation. the vulnerability could allow remote attackers to bypass user authentication and get unauthorized access to parts of the cmdb application.
security bulletins any; universal cmdb 2019.05 2019.11 2020.05 2020.08 2020.11 ;
security bulletins
Created:Thu Apr 01 00:00:00 GMT 2021
public
Modified:Fri Apr 02 00:00:00 GMT 2021
published
8. KM03793287 - Operations Bridge (containerized). Authentication bypass vulnerability CVE-2021-22507. KM03793287
 
a potential vulnerability has been identified for micro focus operations bridge (containerized). the vulnerability could allow remote attackers to bypass user authentication and get unauthorized access to parts of the cmdb application. please note that this vulnerability is only applicable if the operations bridge manager capability is deployed. a potential vulnerability has been identified for micro focus operations bridge (containerized). the vulnerability could allow remote attackers to bypass user authentication and get unauthorized access to parts of the cmdb application. please note that this vulnerability is only applicable if the operations bridge manager capability is deployed.
operations bridge containerized 2019.05 2019.08 2019.11 2020.10 ; security bulletins any;
security bulletins
Created:Thu Apr 01 00:00:00 GMT 2021
public
Modified:Thu Apr 01 00:00:00 GMT 2021
published
9. KM03793282 - Data Center Automation. Authentication bypass vulnerability CVE-2021-22507. KM03793282
 
a potential vulnerability has been identified for micro focus data center automation. the vulnerability could allow remote attackers to bypass user authentication and get unauthorized access to parts of the cmdb application. a potential vulnerability has been identified for micro focus data center automation. the vulnerability could allow remote attackers to bypass user authentication and get unauthorized access to parts of the cmdb application.
data center automation-p containerized 2019.08 2019.11 2020.08 2020.11 ; security bulletins any;
security bulletins
Created:Thu Apr 01 00:00:00 GMT 2021
public
Modified:Thu Apr 01 00:00:00 GMT 2021
published
10. KM03793174 - Operations Bridge Reporter. SQL injection vulnerability, CVE-2021-22508 KM03793174
 
a potential vulnerability has been identified for micro focus operations bridge reporter. the vulnerability could be exploited to inject malicious sql queries. a potential vulnerability has been identified for micro focus operations bridge reporter. the vulnerability could be exploited to inject malicious sql queries.
operations bridge reporter 10.00 10.01 10.02 10.10 10.20 10.21 10.22 10.30 10.31 10.40 10.50 ; security bulletins any;
security bulletins
Created:Tue Mar 30 00:00:00 GMT 2021
public
Modified:Tue Mar 30 00:00:00 GMT 2021
published
11. KM03792442 - Operations Agent. Escalation of privileges vulnerability, CVE-2021-22505 KM03792442
 
a potential vulnerability has been identified in micro focus operations agent. the vulnerability could be exploited to escalate privileges and execute code under the account of the operations agent. a potential vulnerability has been identified in micro focus operations agent. the vulnerability could be exploited to escalate privileges and execute code under the account of the operations agent.
operations agent 12.00 12.01 12.02 12.03 12.04 12.05 12.06 12.10 12.11 12.12 12.14 12.15 ; security bulletins any;
security bulletins
Created:Wed Mar 24 00:00:00 GMT 2021
public
Modified:Thu Mar 25 00:00:00 GMT 2021
published
12. KM03792443 - Operations Bridge Manager. Escalation of privileges vulnerability, CVE-2021-22505 KM03792443
 
a potential vulnerability has been identified in micro focus operations bridge manager (obm). the vulnerability could be exploited to escalate privileges and execute code under the account of the operations agent which is installed on obm. a potential vulnerability has been identified in micro focus operations bridge manager (obm). the vulnerability could be exploited to escalate privileges and execute code under the account of the operations agent which is installed on obm.
operations bridge manager 10.00 10.01 10.10 10.11 10.12 10.60 10.61 10.62 10.63 2018.05 2018.11 2019.05 2019.11 2020.05 2020.10 ; security bulletins any;
security bulletins
Created:Wed Mar 24 00:00:00 GMT 2021
public
Modified:Wed Mar 24 00:00:00 GMT 2021
published
13. KM03771781 - Application Lifecycle Management ( Previously known as Quality Center ) XML Inection vulnerability, CVE-2021-22498 KM03771781
 
a potential vulnerability has been identified in micro focus application lifecycle management (alm/qc). the vulnerability could be exploited to allow an xml external entity injection. a potential vulnerability has been identified in micro focus application lifecycle management (alm/qc). the vulnerability could be exploited to allow an xml external entity injection.
quality center 12.50 12.53 12.55 12.60 ; security bulletins any;
security bulletins
Created:Thu Jan 14 00:00:00 GMT 2021
public
Modified:Fri Mar 05 00:00:00 GMT 2021
published
14. KM03789191 - Service Manager Apache Commons Beanutils vulnerability, CVE-2019-10086. KM03789191
 
a vulnerability in the apache commons beanutils used by service manager server has been addressed. the vulnerability could be exploited for remote code execution. a vulnerability in the apache commons beanutils used by service manager server has been addressed. the vulnerability could be exploited for remote code execution.
security bulletins any; service manager 9.50 9.51 9.52 9.60 9.61 9.62 9.63 ;
security bulletins
Created:Thu Mar 04 00:00:00 GMT 2021
public
Modified:Thu Mar 04 00:00:00 GMT 2021
published
15. KM03787460 - Solutions Business Manager. Vulnerabilities CVE-2019-18942, CVE-2019-18943, CVE-2019-18944, CVE-2019-18945, CVE-2019-18946, CVE-2019-18947. KM03787460
 
potential vulnerabilities have been identified in micro focus solutions business manager. potential vulnerabilities have been identified in micro focus solutions business manager.
security bulletins any; solutions business manager (sbm) ;
security bulletins
Created:Thu Feb 25 00:00:00 GMT 2021
public
Modified:Thu Feb 25 00:00:00 GMT 2021
published
16. KM03777855 - Operations Bridge Manager arbitrary code execution vulnerability - CVE-2021-22504. KM03777855
 
a critical vulnerability has been identified for micro focus operations bridge manager. the vulnerability could allow remote attackers to execute arbitrary code on an obm server. a critical vulnerability has been identified for micro focus operations bridge manager. the vulnerability could allow remote attackers to execute arbitrary code on an obm server.
operations bridge manager 10.10 10.11 10.12 10.60 10.61 10.62 10.63 2018.05 2018.11 2019.05 2019.11 2020.05 2020.10 ; security bulletins any;
security bulletins
Created:Tue Feb 09 00:00:00 GMT 2021
public
Modified:Wed Feb 10 00:00:00 GMT 2021
published
17. KM03775947 - Operations Bridge Reporter ( OBR) Remote Code execution vulnerability, CVE-2021-22502. KM03775947
 
a potential vulnerability has been identified in micro focus operations bridge reporter. the vulnerability could be exploited to remote code execution on the obr server. a potential vulnerability has been identified in micro focus operations bridge reporter. the vulnerability could be exploited to remote code execution on the obr server.
operations bridge reporter 10.40; security bulletins any;
security bulletins
Created:Fri Feb 05 00:00:00 GMT 2021
public
Modified:Fri Feb 05 00:00:00 GMT 2021
published
18. KM03775253 - Application Performance Management vulnerabilities CVE-2021-22499 and CVE-2021-22500 KM03775253
 
multiple vulnerabilities have been identified for micro focus application performance management (apm). cve-2021-22499: a vulnerability detected in apm that could be exploited by authenticated apm users as a persistent xss attack against other users of the product. cve-2021-22500: a vulnerability detected in apm that could be exploited by attacker to trick the users into executing actions of the attacker's choosing. multiple vulnerabilities have been identified for micro focus application performance management (apm). cve-2021-22499: a vulnerability detected in apm that could be exploited by authenticated apm users as a persistent xss attack against other users of the product. cve-2021-22500: a vulnerability detected in apm that could be exploited by attacker to trick the users into executing actions of the attacker's choosing.
application performance management (bac) 9.40 9.50 9.51 ; security bulletins any;
security bulletins
Created:Thu Feb 04 00:00:00 GMT 2021
public
Modified:Thu Feb 04 00:00:00 GMT 2021
published
19. KM03747948 - Universal CMDB. Arbitrary code execution CVE-2020-11853. KM03747948
 
a vulnerability has been identified for micro focus universal cmdb foundation. the vulnerability allows remote attackers to execute arbitrary code on affected installations of ucmdb. an attack requires network access and authentication as a valid application user. a vulnerability has been identified for micro focus universal cmdb foundation. the vulnerability allows remote attackers to execute arbitrary code on affected installations of ucmdb. an attack requires network access and authentication as a valid application user.
security bulletins any; universal cmdb 10.30 10.31 10.32 10.33 11.00 2018.05 2018.08 2018.11 2019.02 2019.05 2019.11 2020.05 2020.08 ;
security bulletins
Created:Mon Oct 19 00:00:00 GMT 2020
public
Modified:Fri Dec 18 00:00:00 GMT 2020
published
20. KM03709900 - Operations Agent, local privileges vulnerability - CVE-2020-11861 KM03709900
 
a potential vulnerability has been identified in glance module of operations agent. the vulnerability could be exploited to escalate the local privileges and gain root access on the system. a potential vulnerability has been identified in glance module of operations agent. the vulnerability could be exploited to escalate the local privileges and gain root access on the system.
operations agent 12.10 12.11 ; security bulletins any;
security bulletins
Created:Thu Sep 17 00:00:00 GMT 2020
public
Modified:Fri Dec 11 00:00:00 GMT 2020
published