Micro Focus Enterprise Software Vulnerability Alerts

 

Micro Focus incorporates IT industry best practices during the product development lifecycle to ensure a strong focus on security. Micro Focus engineering and manufacturing practices are designed to meet product security requirements, protect Micro Focus intellectual property, and support Micro Focus product warranty requirements.

When a new industry-wide security vulnerability is released, Micro Focus investigates its product line to determine the impact. For impacted products, Security Bulletins will be published. These bulletins will contain impacted product versions and the resolution (patch, upgrade, or configuration change).

You may subscribe to receive real-time notifications on future Micro Focus Security Bulletins and advisories for your products - Subscribe to alerts for your products.

Recent Documents

Minimize Maximize
1. MFSBGN03799 rev.1 - Micro Focus UCMDB, Remote Disclosure of Information KM03091097
 
a potential vulnerability has been identified in micro focus ucmdb. the vulnerability could be remotely exploited to allow disclosure of information. a potential vulnerability has been identified in micro focus ucmdb. the vulnerability could be remotely exploited to allow disclosure of information.
security bulletins any; universal cmdb 10.10 10.11 10.20 10.21 10.30 10.31 4.1 ;
security bulletins
Created:Thu Feb 08 00:00:00 GMT 2018
public
Modified:Tue Feb 20 00:00:00 GMT 2018
published
2. MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification KM03091103
 
a potential vulnerability has been identified in micro focus performance center. the vulnerability could be exploited to remote arbitrary file modification or remote arbitrary code execution. a potential vulnerability has been identified in micro focus performance center. the vulnerability could be exploited to remote arbitrary file modification or remote arbitrary code execution.
performance center ; security bulletins any;
security bulletins
Created:Thu Feb 08 00:00:00 GMT 2018
public
Modified:Tue Feb 13 00:00:00 GMT 2018
published
3. MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection KM03083653
 
a potential security vulnerability has been identified in micro focus fortify audit workbench (awb) and micro focus fortify software security center (ssc). the vulnerability could be exploited to allow xml external entity (xxe) injection. a potential security vulnerability has been identified in micro focus fortify audit workbench (awb) and micro focus fortify software security center (ssc). the vulnerability could be exploited to allow xml external entity (xxe) injection.
fortify software security center ; security bulletins any;
security bulletins
Created:Tue Jan 30 00:00:00 GMT 2018
public
Modified:Thu Feb 01 00:00:00 GMT 2018
published
4. MFSBGN03793 rev.2 - Project and Portfolio Management Center, Multiple vulnerabilities KM03014426
 
a potential security vulnerability has been identified in micro focus project and portfolio management center. this vulnerability could be remotely exploited to man-in-the-middle (mitm) attack and cross-site request forgery (csrf). a potential security vulnerability has been identified in micro focus project and portfolio management center. this vulnerability could be remotely exploited to man-in-the-middle (mitm) attack and cross-site request forgery (csrf).
project and portfolio management 9.32; security bulletins any;
security bulletins
Created:Tue Nov 14 00:00:00 GMT 2017
public
Modified:Tue Jan 09 00:00:00 GMT 2018
published
5. MFSBGN03795 rev.1 - Micro Focus Operations Manager i - Remote Cross-Site Scripting (XSS) KM03060545
 
a potential security vulnerability has been identified in micro focus operations manager i. the vulnerability could be remotely exploited to allow cross-site scripting (xss). a potential security vulnerability has been identified in micro focus operations manager i. the vulnerability could be remotely exploited to allow cross-site scripting (xss).
operations manager i 10.60 10.61 10.62 ; security bulletins any;
security bulletins
Created:Thu Dec 21 00:00:00 GMT 2017
public
Modified:Tue Jan 09 00:00:00 GMT 2018
published
6. MFSBGN03794 rev.1 - Micro Focus Operations Agent, Sweet32 KM03060544
 
a potential security vulnerability has been identified in micro focus operations agent. the vulnerability could be remotely exploited to remote disclosure of information. a potential security vulnerability has been identified in micro focus operations agent. the vulnerability could be remotely exploited to remote disclosure of information.
operations agent 12.00 12.01 ; security bulletins any;
security bulletins
Created:Thu Dec 21 00:00:00 GMT 2017
public
Modified:Tue Jan 09 00:00:00 GMT 2018
published
7. MFSBGN03791 rev.1 - HPE Content Manager Workgroup Service, Denial of Service (DoS) KM03006302
 
a potential security vulnerability has been identified in hpe content manager workgroup service. the vulnerability could be remotely exploited to allow denial of service (dos). a potential security vulnerability has been identified in hpe content manager workgroup service. the vulnerability could be remotely exploited to allow denial of service (dos).
content manager (hpe rm) 9.00; security bulletins any;
security bulletins
Created:Thu Nov 02 00:00:00 GMT 2017
public
Modified:Tue Jan 09 00:00:00 GMT 2018
published
8. MFSBGN03788 rev.1 - HPE Performance Center, Remote Cross-Site Scripting (XSS) KM02996754
 
a potential security vulnerability has been identified in hpe performance center. the vulnerability could be remotely exploited to allow cross-site scripting (xss). a potential security vulnerability has been identified in hpe performance center. the vulnerability could be remotely exploited to allow cross-site scripting (xss).
performance center 12.20; security bulletins any;
security bulletins
Created:Tue Oct 24 00:00:00 GMT 2017
public
Modified:Thu Nov 02 00:00:00 GMT 2017
published
9. MFSBGN03789 rev.1 - HP ArcSight ESM 6.5.1.2083.2 - Multiple Vulnerabilities KM02996760
 
potential security vulnerabilities have been identified in arcsight enterprise security management (esm) and arcsight enterprise security management express (esm express) products. these vulnerabilities could be exploited remotely to allow: * sql injection * reflected and stored cross-site scripting (xss) * url redirection to untrusted site potential security vulnerabilities have been identified in arcsight enterprise security management (esm) and arcsight enterprise security management express (esm express) products. these vulnerabilities could be exploited remotely to allow: * sql injection * reflected and stored cross-site scripting (xss) * url redirection to untrusted site
arcsight enterprise security manager ; security bulletins any;
security bulletins
Created:Tue Oct 24 00:00:00 GMT 2017
public
Modified:Fri Oct 27 00:00:00 GMT 2017
published
10. MFSBGN03786 rev.1 - HPE Connected Backup, Local Escalation of Privilege KM02987868
 
a potential security vulnerability has been identified in the hpe connected backup agent. this vulnerability could be exploited locally to allow escalation of privilege. a potential security vulnerability has been identified in the hpe connected backup agent. this vulnerability could be exploited locally to allow escalation of privilege.
connected backup 8.6 8.8.6 ; security bulletins any;
security bulletins
Created:Thu Oct 12 00:00:00 GMT 2017
public
Modified:Fri Oct 20 00:00:00 GMT 2017
published
11. MFSBGN03785 rev.1 - HPE Cloud Optimizer, Remote Cross-Site Request Forgery (CSRF) KM02978021
 
a potential security vulnerability has been identified in hpe cloud optimizer. the vulnerability could be remotely exploited to allow cross-site request forgery (csrf). a potential security vulnerability has been identified in hpe cloud optimizer. the vulnerability could be remotely exploited to allow cross-site request forgery (csrf).
cloud optimizer 3.00; security bulletins ;
security bulletins
Created:Tue Oct 03 00:00:00 GMT 2017
public
Modified:Fri Oct 20 00:00:00 GMT 2017
published
12. MFSBGN03783 rev.1 - HP Universal CMDB Foundation Software, Remote Code Execution and Cross-Site Scripting KM02977984
 
potential security vulnerabilities have been identified in hp universal cmdb foundation software. these vulnerabilities could be remotely exploited to allow code execution and cross-site scripting (xss). potential security vulnerabilities have been identified in hp universal cmdb foundation software. these vulnerabilities could be remotely exploited to allow code execution and cross-site scripting (xss).
security bulletins ; universal cmdb ;
security bulletins
Created:Tue Oct 03 00:00:00 GMT 2017
public
Modified:Fri Oct 20 00:00:00 GMT 2017
published
13. HPESBGN03765 rev.2 - HPE LoadRunner and HPE Performance Center, Remote Disclosure of Information KM02994367
 
a security vulnerability in the des/3des block ciphers used in the tls protocol could potentially impact hpe loadrunner and hpe performance center resulting in remote disclosure of information. this is also known as the sweet32 attack. a security vulnerability in the des/3des block ciphers used in the tls protocol could potentially impact hpe loadrunner and hpe performance center resulting in remote disclosure of information. this is also known as the sweet32 attack.
loadrunner ; performance center ; security bulletins any;
security bulletins
Created:Fri Oct 20 00:00:00 GMT 2017
public
Modified:Fri Oct 20 00:00:00 GMT 2017
published
14. HPESBGN03766 rev.2 - HPE Project and Portfolio Management (PPM), Remote Cross-Site Scripting KM02994366
 
a potential security vulnerability has been identified in hpe project and portfolio management(ppm) product. the vulnerability could be exploited to allow remote cross-site scripting (xss). a potential security vulnerability has been identified in hpe project and portfolio management(ppm) product. the vulnerability could be exploited to allow remote cross-site scripting (xss).
project and portfolio management 9.30 9.31 9.32 9.40 ; security bulletins any;
security bulletins
Created:Fri Oct 20 00:00:00 GMT 2017
public
Modified:Fri Oct 20 00:00:00 GMT 2017
published
15. HPESBGN03697 rev.3 - HPE Business Service Management (BSM) using OpenSSL, Remote Disclosure of Information KM02994365
 
a security vulnerability in des/3des block ciphers used in the tls protocol could potentially impact hpe business service management 9.2x and application performance management (apm) 9.30 resulting in remote disclosure of information, also known as the sweet32 attack. a security vulnerability in des/3des block ciphers used in the tls protocol could potentially impact hpe business service management 9.2x and application performance management (apm) 9.30 resulting in remote disclosure of information, also known as the sweet32 attack.
security bulletins any;
security bulletins
Created:Fri Oct 20 00:00:00 GMT 2017
public
Modified:Fri Oct 20 00:00:00 GMT 2017
published
16. HPESBGN03732 rev.1 - HPE Data Protector, Remote Arbitrary Code Execution, Disclosure of Information KM02994363
 
potential security vulnerabilities have been identified in hpe data protector. these vulnerabilities could be exploited remotely to allow arbitrary code execution or local disclosure of information. potential security vulnerabilities have been identified in hpe data protector. these vulnerabilities could be exploited remotely to allow arbitrary code execution or local disclosure of information.
data protector ; security bulletins any;
security bulletins
Created:Fri Oct 20 00:00:00 GMT 2017
public
Modified:Fri Oct 20 00:00:00 GMT 2017
published
17. HPESBGN03764 rev.2 - HPE LoadRunner and Performance Center, Remote Cross-Site Scripting (XSS) KM02994352
 
a potential security vulnerability has been identified in hpe loadrunner and hpe performance center products in the virtual table server (vts) component. the vulnerability could be exploited to allow remote cross-site scripting (xss). all other loadrunner and performance center components are not affected. a potential security vulnerability has been identified in hpe loadrunner and hpe performance center products in the virtual table server (vts) component. the vulnerability could be exploited to allow remote cross-site scripting (xss). all other loadrunner and performance center components are not affected.
loadrunner ; performance center ; security bulletins any;
security bulletins
Created:Fri Oct 20 00:00:00 GMT 2017
public
Modified:Fri Oct 20 00:00:00 GMT 2017
published
18. HPESBGN03762 rev.1 - HPE Network Node Manager i (NNMi) Software, Remote Bypass Security Restrictions, Cross-Site Scripting (XSS), URL Redirection KM02994351
 
potential security vulnerabilities have been identified in hpe network node manager i. the vulnerabilities could be remotely exploited to allow bypass security restrictions, cross-site scripting (xss), and/or url redirection. potential security vulnerabilities have been identified in hpe network node manager i. the vulnerabilities could be remotely exploited to allow bypass security restrictions, cross-site scripting (xss), and/or url redirection.
security bulletins any;
security bulletins
Created:Fri Oct 20 00:00:00 GMT 2017
public
Modified:Fri Oct 20 00:00:00 GMT 2017
published
19. HPESBGN03763 rev.1 - HPE SiteScope, Disclosure of Sensitive Information, Bypass Security Restriction, Remote Arbitrary Code Execution KM02994350
 
potential security vulnerabilities have been identified in hpe sitescope. the vulnerabilities could be exploited to allow disclosure of sensitive information, bypass security restriction, and remote arbitrary code execution. potential security vulnerabilities have been identified in hpe sitescope. the vulnerabilities could be exploited to allow disclosure of sensitive information, bypass security restriction, and remote arbitrary code execution.
security bulletins any; sitescope ;
security bulletins
Created:Fri Oct 20 00:00:00 GMT 2017
public
Modified:Fri Oct 20 00:00:00 GMT 2017
published
20. HPESBGN03761 rev.1 - HPE Virtualization Performance Viewer (VPV)/ Cloud Optimizer using Linux, Remote Escalation of Privilege KM02994349
 
a security vulnerability in linux kernel, also known as "dirty cow", has been addressed in hpe virtualization performance viewer (vpv)/ cloud optimizer – virtual appliance. this vulnerability could be exploited remotely to allow escalation of privilege. a security vulnerability in linux kernel, also known as "dirty cow", has been addressed in hpe virtualization performance viewer (vpv)/ cloud optimizer – virtual appliance. this vulnerability could be exploited remotely to allow escalation of privilege.
cloud optimizer ; security bulletins any;
security bulletins
Created:Fri Oct 20 00:00:00 GMT 2017
public
Modified:Fri Oct 20 00:00:00 GMT 2017
published