   Micro Focus Enterprise Software Vulnerability Alerts

 

Micro Focus incorporates IT industry best practices during the product development lifecycle to ensure a strong focus on security. Micro Focus engineering and manufacturing practices are designed to meet product security requirements, protect Micro Focus intellectual property, and support Micro Focus product warranty requirements.

When a new industry-wide security vulnerability is released, Micro Focus investigates its product line to determine the impact. For impacted products, Security Bulletins will be published. These bulletins will contain impacted product versions and the resolution (patch, upgrade, or configuration change).

You may subscribe to receive real-time notifications on future Micro Focus Security Bulletins and advisories for your products - Subscribe to alerts for your products.

Recent Documents

1. KM03631564 - Operations Bridge Reporter - Apache Tomcat vulnerability CVE-2020-1938

A vulnerability in Apache Tomcat was addressed by Operations Bridge Reporter. The vulnerability could be exploited for file content disclosure of the web application or remote code execution.

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP

Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defense-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1938

Product: Operations Bridge Reporter 10.00, 10.01, 10.02, 10.10, 10.20, 10.21, 10.22, 10.30, 10.31, 10.40, 9.00, 9.10, 9.20, 9.30, 9.31, 9.32, 9.40, 9.41
Category: Security Bulletins
Created: Tue Mar 31 00:00:00 GMT 2020
Modified: Tue Mar 31 00:00:00 GMT 2020
Status: public, published

2. KM03631339 - Server Automation. Vulnerability in Apache Tomcat. CVE-2020-1938

This document addresses a vulnerability in Apache Tomcat as used by Server Automation. The vulnerability could be exploited for file content disclosure of the web application or remote code execution.

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP

Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defense-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1938

Product: Server Automation 10.20, 10.21, 10.22, 10.23, 10.50, 10.51, 10.60, 2018.08
Category: Security Bulletins
Created: Mon Mar 30 00:00:00 GMT 2020
Modified: Mon Mar 30 00:00:00 GMT 2020
Status: public, published

3. KM03631332 - Solutions Business Manager. Vulnerability in Apache Tomcat. CVE-2020-1938

The CVE-2020-1938 vulnerability in Apache Tomcat was addressed by Solutions Business Manager. The vulnerability could be exploited for file content disclosure of the web application or remote code execution.

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP

Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defense-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1938

Product: Solutions Business Manager (SBM)
Category: Security Bulletins
Created: Mon Mar 30 00:00:00 GMT 2020
Modified: Mon Mar 30 00:00:00 GMT 2020
Status: public, published

4. KM03631000 - Database and Middleware Automation. Vulnerability in Apache Tomcat - CVE-2020-1938

A vulnerability in Apache Tomcat was addressed by Database and Middleware Automation. The vulnerability could be exploited for remote code execution.

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP

Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defense-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1938

Product: Database and Middleware Automation 10.30, 10.40, 10.50, 10.60, 10.61
Category: Security Bulletins
Created: Fri Mar 27 00:00:00 GMT 2020
Modified: Fri Mar 27 00:00:00 GMT 2020
Status: public, published

5. KM03630615 - Multiple vulnerabilities lead to SQL injection vulnerability in Micro Focus Service Management Automation - CVE-2020-9521

Multiple vulnerabilities in SMA were addressed by the Micro Focus Service Management Automation (SMA) R&D team. The vulnerabilities allow for the improper neutralization of special elements in SQL commands and may lead to the product being vulnerable to SQL injection.

Product: Service Management Automation
Category: Security Bulletins
Created: Wed Mar 25 00:00:00 GMT 2020
Modified: Thu Mar 26 00:00:00 GMT 2020
Status: public, published

6. KM03630605 - Multiple vulnerabilities in the Kubernetes component used by Micro Focus CDF platform - CVE-2019-11245, CVE-2019-11246, CVE-2019-11247, CVE-2019-11248, CVE-2019-11249, CVE-2019-9946, CVE-2019-1002100, CVE-2019-1002101

Multiple vulnerabilities in the Kubernetes component used by Micro Focus CDF platform were addressed by the Micro Focus Service Management Automation (SMA) R&D team. The vulnerabilities, which originate from the Kubernetes component, may lead to denial of service, unauthorized access to files/directories, execution of unauthorized commands, improper access control, uncontrolled resource consumption, improper symbolic link resolution, and unauthorized privilege escalation. More specific details for each item are available from the CNCF Kubernetes teams by following the CVE ID links in this bulletin or by searching for the CVE ID on the internet.

Category: Security Bulletins
Created: Wed Mar 25 00:00:00 GMT 2020
Modified: Wed Mar 25 00:00:00 GMT 2020
Status: public, published

7. KM03630475 - Micro Focus Vibe stored XSS vulnerability. - CVE-2020-9520

A stored XSS vulnerability was discovered in Micro Focus Vibe prior to 4.0.7 which allows a remote attacker to craft and store malicious content into Vibe such that when the content is viewed by another user of the system, attacker-controlled JavaScript will execute in the security context of the target user's browser.

Product: Vibe
Category: Security Bulletins
Created: Wed Mar 25 00:00:00 GMT 2020
Modified: Wed Mar 25 00:00:00 GMT 2020
Status: public, published

8. KM03607789 - Service Manager (Server). HTTP methods revealed in Web services vulnerability - CVE-2020-9519

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow exposure of configuration data.

Product: Service Manager 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63
Category: Security Bulletins
Created: Mon Mar 16 00:00:00 GMT 2020
Modified: Mon Mar 16 00:00:00 GMT 2020
Status: public, published

9. KM03607792 - Service Manager. Login filter can access configuration files - CVE-2020-9518

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow unauthorized access to configuration data.

Product: Service Manager 9.50, 9.51, 9.52, 9.60, 9.61, 9.62
Category: Security Bulletins
Created: Mon Mar 16 00:00:00 GMT 2020
Modified: Mon Mar 16 00:00:00 GMT 2020
Status: public, published

10. KM03604692 - Service Manager Release Control. Improper restriction of rendered UI layers vulnerability - CVE-2020-9517

A potential vulnerability has been identified in Service Manager Release Control. The vulnerability allows improper restriction of rendered UI layers or frames in Release Control which may result in the ability of malicious users to perform UI redress attacks.

Product: Service Manager 9.50, 9.60
Category: Security Bulletins
Created: Mon Mar 02 00:00:00 GMT 2020
Modified: Wed Mar 04 00:00:00 GMT 2020
Status: public, published

11. KM03569662 - AcuToWeb vulnerability that could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb - CVE-2019-17087

A potential vulnerability has been identified in Micro Focus AcuToWeb (part of the Micro Focus extend portfolio). The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under.

Product: extend and ACUCOBOL
Category: Security Bulletins
Created: Tue Dec 10 00:00:00 GMT 2019
Modified: Tue Dec 10 00:00:00 GMT 2019
Status: public, published

12. KM03556426 - Operations Agent XXE attack vulnerability - CVE-2019-17085

A potential vulnerability has been identified in Operations Agent version 12.0 and higher. The vulnerability could be exploited to perform an XXE attack on Operations Agent.

Product: Operations Agent 12.00, 12.01, 12.02, 12.03, 12.04, 12.05, 12.06, 12.10, 12.11
Category: Security Bulletins
Created: Mon Nov 18 00:00:00 GMT 2019
Modified: Mon Nov 18 00:00:00 GMT 2019
Status: public, published

13. KM03544106 - AccuRev for LDAP Integration, version 2017.1, access may be granted without a password - CVE-2019-17082

Vulnerability summary: A vulnerability has been identified in the AccuRev for LDAP Integration, version 2017.1. If the AccuRev server and the AccuRev for LDAP Integration version 2017.1 are installed on a Linux or Solaris system, anyone who knows a valid AccuRev username can use the AccuRev client to log in and gain access to AccuRev source control without knowing the user's password.

Product: AccuRev
Category: Security Bulletins
Created: Thu Oct 31 00:00:00 GMT 2019
Modified: Thu Oct 31 00:00:00 GMT 2019
Status: public, published

14. KM03518316 - Service Manager vulnerabilities - CVE-2019-11661, CVE-2019-11662, CVE-2019-11663, CVE-2019-11664, CVE-2019-11665, CVE-2019-11666, CVE-2018-0732, CVE-2018-0737.

Potential vulnerabilities have been identified in Service Manager:
* Can be exploited to allow unauthorized access and modification of data.
* Can be exploited in some special cases to allow information exposure through an error message.
* Can be exploited to allow sensitive data exposure.
* The vulnerability could be exploited to allow a denial of service and sensitive data exposure.
* The vulnerability could be exploited to allow insecure deserialization of untrusted data.

Product: Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62
Category: Security Bulletins
Created: Mon Sep 09 00:00:00 GMT 2019
Modified: Fri Oct 18 00:00:00 GMT 2019
Status: public, published

15. KM03532232 - Micro Focus Enterprise Developer and Enterprise Server Reflected XSS vulnerability - CVE-2019-11651

A potential vulnerability has been identified in Micro Focus Enterprise Server (including the Enterprise Server component of Enterprise Developer). The reflected XSS vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests. The vulnerability is in a testing feature which is not enabled by default, and the affected feature does not itself have a web session to be hijacked or other vulnerable aspects.

Product: Enterprise Developer/Enterprise Server
Category: Security Bulletins
Created: Wed Oct 02 00:00:00 GMT 2019
Modified: Wed Oct 02 00:00:00 GMT 2019
Status: public, published

16. KM03525630 - Data Protector Local privilege escalation via omniresolve - CVE-2019-11660.

A potential vulnerability has been identified in Micro Focus Data Protector. The vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.

Product: Data Protector 10.00, 10.01, 10.02, 10.03, 10.04, 10.10, 10.20, 10.30, 10.40
Category: Security Bulletins
Created: Fri Sep 13 00:00:00 GMT 2019
Modified: Fri Sep 13 00:00:00 GMT 2019
Status: public, published

17. KM03518793 - Service Manager verification of Windows .EXE product files - CVE-2019-11670.

Vulnerability summary: A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to prevent the verification of Windows .EXE product files provided by Micro Focus.

Product: Service Manager 9.62
Category: Security Bulletins
Created: Tue Sep 10 00:00:00 GMT 2019
Modified: Tue Sep 10 00:00:00 GMT 2019
Status: public, published

18. KM03517334 - Service Manager Modifiable read only check box in FF - CVE-2019-11669.

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow unauthorized modification of data.

Product: Service Manager 9.60, 9.61, 9.62
Category: Security Bulletins
Created: Fri Sep 06 00:00:00 GMT 2019
Modified: Fri Sep 06 00:00:00 GMT 2019
Status: public, published

19. KM03517335 - Service Manager HTTP cookie vulnerability - CVE-2019-11668.

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow access to sensitive data on the client side.

Product: Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62
Category: Security Bulletins
Created: Fri Sep 06 00:00:00 GMT 2019
Modified: Fri Sep 06 00:00:00 GMT 2019
Status: public, published

20. KM03517346 - Service Manager unauthorized access to contact information - CVE-2019-11667.

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow unauthorized access to private data.

Product: Service Manager 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62
Category: Security Bulletins
Created: Fri Sep 06 00:00:00 GMT 2019
Modified: Fri Sep 06 00:00:00 GMT 2019
Status: public, published