
   Micro Focus Enterprise Software Vulnerability Alerts

 

Micro Focus incorporates IT industry best practices during the product development lifecycle to ensure a strong focus on security. Micro Focus engineering and manufacturing practices are designed to meet product security requirements, protect Micro Focus intellectual property, and support Micro Focus product warranty requirements.

When a new industry-wide security vulnerability is released, Micro Focus investigates its product line to determine the impact. For impacted products, Security Bulletins will be published. These bulletins will contain impacted product versions and the resolution (patch, upgrade, or configuration change).

You may subscribe to receive real-time notifications on future Micro Focus Security Bulletins and advisories for your products - Subscribe to alerts for your products.

Recent Documents

1. KM03461174 Micro Focus Fortify Software Security Center Server, CVE-2019-11649 KM03461174
 
A potential cross-site scripting vulnerability has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in the user's browser.
fortify software security center server 18.10 18.20 ; security bulletins any;
security bulletins
Created:Mon Jun 17 00:00:00 GMT 2019
public
Modified:Wed Jun 19 00:00:00 GMT 2019
published
2. KM03459924 - Micro Focus Service Manager, CVE-2016-5000 KM03459924
 
A potential security vulnerability has been identified with Service Manager. The vulnerability could be exploited to allow remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference against the Service Manager server and web tier.
security bulletins any; service manager 9.30 9.31 9.32 9.33 9.34 9.35 9.40 9.41 9.50 9.51 9.52 9.60 9.61 ;
security bulletins
Created:Thu Jun 13 00:00:00 GMT 2019
public
Modified:Thu Jun 13 00:00:00 GMT 2019
published
3. KM03459854 - Micro Focus Service Manager, CVE-2017-7525, CVE-2017-15095, CVE-2018-7489 KM03459854
 
A potential security vulnerability has been identified with Service Manager. The vulnerability could be exploited to allow unauthenticated remote code execution against the Service Manager web tier.
security bulletins any; service manager 9.30 9.31 9.32 9.33 9.34 9.35 9.40 9.41 9.50 9.51 9.52 9.60 ;
security bulletins
Created:Thu Jun 13 00:00:00 GMT 2019
public
Modified:Thu Jun 13 00:00:00 GMT 2019
published
4. KM03452977 - Micro Focus Service Manager, CVE-2019-11646 KM03452977
 
A potential security vulnerability has been identified with Service Manager. This vulnerability may result in unauthorized command execution and unauthorized disclosure of information.
security bulletins any; service manager 9.30 9.31 9.32 9.33 9.34 9.35 9.40 9.41 9.50 9.51 9.52 9.60 9.61 ;
security bulletins
Created:Mon Jun 03 00:00:00 GMT 2019
public
Modified:Mon Jun 03 00:00:00 GMT 2019
published
5. MFSBGN03846 rev.1 - Micro Focus Service Management Automation (SMA), CVE-2019-5736 KM03410944
 
A vulnerability in docker-runc was addressed by Micro Focus Service Management Automation (SMA). The vulnerability could be exploited to allow local unauthorized disclosure of information, local unauthorized modification and local disruption of service.
security bulletins any; sm automation containerized 2018.02 2018.05 2018.08 2018.11 ;
security bulletins
Created:Sun May 05 00:00:00 GMT 2019
public
Modified:Sun May 05 00:00:00 GMT 2019
published
6. HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities KM02994342
 
Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege execution, and invalid session management.
network automation ; security bulletins any;
security bulletins
Created:Fri Oct 20 00:00:00 GMT 2017
public
Modified:Fri May 03 00:00:00 GMT 2019
published
7. MFSBGN03845 rev.1 - Micro Focus Network Automation and Micro Focus Network Operations Management (NOM), Remote Code Execution KM03407763
 
A potential security vulnerability has been identified in Micro Focus Network Automation and Micro Focus Network Operations Management (NOM). The vulnerability could be remotely exploited to allow remote code execution.
network automation 10.00 10.10 10.20 10.30 10.40 10.50 2018.05 2018.08 2018.11 9.20 9.21 ; network operations management all ; security bulletins any;
security bulletins
Created:Sun Apr 28 00:00:00 GMT 2019
public
Modified:Sun Apr 28 00:00:00 GMT 2019
published
8. MFSBGN03843 rev.1 - Micro Focus Content Manager, Remote upload content to arbitrary locations KM03359911
 
An unauthenticated file upload vulnerability has been identified in the web client component of Content Manager when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server.
content manager (hpe rm) 9.10 9.20 9.30 ; security bulletins any;
security bulletins
Created:Sun Mar 17 00:00:00 GMT 2019
public
Modified:Thu Mar 28 00:00:00 GMT 2019
published
9. MFSBGN03842 rev.1 - Micro Focus ArcSight Logger, Multiple Vulnerabilities KM03355866
 
This bulletin covers multiple potential vulnerabilities that have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be exploited to allow remote code execution, stored/reflected XSS, XML external entity parsing, directory traversal and disclosure of information.
arcsight logger software 5.0 5.1 5.2 5.3 5.5 6.0 6.1 6.11 6.21 6.3 6.31 6.4 6.41 6.5 6.6 6.61 ; security bulletins any;
security bulletins
Created:Mon Mar 11 00:00:00 GMT 2019
public
Modified:Mon Mar 11 00:00:00 GMT 2019
published
10. MFSBGN03840 rev.1 - Data Protector, Remote Arbitrary Code Execution KM03337614
 
A potential security vulnerability has been identified in Micro Focus Data Protector. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Micro Focus Data Protector.
data protector 10.03; security bulletins any;
security bulletins
Created:Wed Feb 20 00:00:00 GMT 2019
public
Modified:Wed Feb 20 00:00:00 GMT 2019
published
11. MFSBGN03839 rev.1 - Service Management Automation (SMA), Kubernetes vulnerability CVE-2018-1002105 KM03325912
 
A vulnerability in Kubernetes used in the CDF component was addressed by Service Management Automation (SMA)-SM. The vulnerability could be exploited to allow unauthorized disclosure of information, unauthorized modification and disruption of service.
security bulletins any; sm automation containerized 2017.04 2017.07 2017.11 2018.02 2018.05 2018.08 ;
security bulletins
Created:Tue Jan 29 00:00:00 GMT 2019
public
Modified:Tue Jan 29 00:00:00 GMT 2019
published
12. MFSBGN03838 rev.1 - UCMDB Configuration Management Service, Multiple Vulnerabilities KM03309650
 
A potential security vulnerability has been identified in UCMDB. The vulnerability could be remotely exploited to allow remote directory traversal and remote disclosure of privileged information.
security bulletins any; universal cmdb config mgr 10.33;
security bulletins
Created:Mon Dec 31 00:00:00 GMT 2018
public
Modified:Mon Dec 31 00:00:00 GMT 2018
published
13. MFSBGN03834 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access KM03298201
 
The SSC REST API contains insecure direct object reference (IDOR) vulnerabilities that allow authenticated users access to arbitrary details of the local and LDAP users via the POST method and to arbitrary details of other users' Fortify projects via the GET method.
fortify software security center server 17.10 17.20 18.10 ; security bulletins any;
security bulletins
Created:Thu Dec 06 00:00:00 GMT 2018
public
Modified:Wed Dec 12 00:00:00 GMT 2018
published
14. MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities KM03302206
 
Vulnerabilities in Apache Tomcat were addressed by Micro Focus Network Node Manager i. The vulnerabilities could be exploited to allow remote cross-site scripting (XSS) and remote disclosure of information.
network node manager i ultimate na; security bulletins any;
security bulletins
Created:Wed Dec 12 00:00:00 GMT 2018
public
Modified:Wed Dec 12 00:00:00 GMT 2018
published
15. MFSBGN03831 rev. - Service Management Automation, remote disclosure of information KM03286178
 
A potential vulnerability has been identified in Micro Focus Service Management Automation. The vulnerability could be exploited to allow remote disclosure of information.
security bulletins any; sm automation containerized 2017.11 2018.02 2018.05 ;
security bulletins
Created:Mon Nov 12 00:00:00 GMT 2018
public
Modified:Mon Nov 12 00:00:00 GMT 2018
published
16. MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of information KM03286177
 
A potential security vulnerability has been identified with Service Manager. The vulnerability could be exploited to allow unauthorized disclosure of information.
security bulletins any; service manager 9.30 9.31 9.32 9.33 9.34 9.35 9.40 9.41 9.50 9.51 ;
security bulletins
Created:Mon Nov 12 00:00:00 GMT 2018
public
Modified:Mon Nov 12 00:00:00 GMT 2018
published
17. MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of data KM03286176
 
A potential vulnerability has been identified in Micro Focus Service Manager. The vulnerability could be exploited to allow unauthorized disclosure of data.
security bulletins any; service manager 9.30 9.31 9.32 9.33 9.34 9.35 9.40 9.41 9.50 9.51 ;
security bulletins
Created:Mon Nov 12 00:00:00 GMT 2018
public
Modified:Mon Nov 12 00:00:00 GMT 2018
published
18. MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution KM03283416
 
A potential vulnerability has been identified in the Operations Bridge Manager capability of the Micro Focus Operations Bridge Containerized Suite. The vulnerability could be exploited to allow remote code execution and information disclosure.
operations bridge containerized 2017.11 2018.02 2018.05 2018.08 ; security bulletins any;
security bulletins
Created:Wed Nov 07 00:00:00 GMT 2018
public
Modified:Wed Nov 07 00:00:00 GMT 2018
published
19. MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability KM03272900
 
A potential vulnerability has been identified in Micro Focus' Real User Monitoring software. The vulnerability could be exploited to execute arbitrary.
real user monitor 9.26 9.30 9.40 9.50 ; security bulletins any;
security bulletins
Created:Fri Oct 19 00:00:00 GMT 2018
public
Modified:Tue Oct 23 00:00:00 GMT 2018
published
20. MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability KM03245142
 
Potential security vulnerabilities have been identified in ArcSight Management Center (ArcMC). These vulnerabilities could be remotely exploited to allow: CSRF, XSS, arbitrary file download, disclosure of information, access restriction bypass, and directory traversal.
arcsight management center 1.0 2.0 2.1 2.2 2.21 2.5 2.51 2.6 2.61 2.7 2.8 ; security bulletins any;
security bulletins
Created:Tue Sep 11 00:00:00 GMT 2018
public
Modified:Wed Sep 19 00:00:00 GMT 2018
published