Micro Focus Enterprise Software Vulnerability Alerts

 

Micro Focus incorporates IT industry best practices during the product development lifecycle to ensure a strong focus on security. Micro Focus engineering and manufacturing practices are designed to meet product security requirements, protect Micro Focus intellectual property, and support Micro Focus product warranty requirements.

When a new industry-wide security vulnerability is released, Micro Focus investigates its product line to determine the impact. For impacted products, Security Bulletins will be published. These bulletins will contain impacted product versions and the resolution (patch, upgrade, or configuration change).

You may subscribe to receive real-time notifications on future Micro Focus Security Bulletins and advisories for your products - Subscribe to alerts for your products.

Recent Documents

Minimize Maximize
1. MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF KM03180069
 
a potential vulnerability has been identified in ucmdb server. this vulnerability could be exploited to deserialization & cross-site request forgery (csrf). a potential vulnerability has been identified in ucmdb server. this vulnerability could be exploited to deserialization & cross-site request forgery (csrf).
security bulletins any;
security bulletins
Created:Wed Jun 13 00:00:00 GMT 2018
public
Modified:Fri Jun 15 00:00:00 GMT 2018
published
2. MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF KM03180066
 
a potential vulnerability has been identified in ucmdb browser. this vulnerability could be exploited to deserialization & cross-site request forgery (csrf). a potential vulnerability has been identified in ucmdb browser. this vulnerability could be exploited to deserialization & cross-site request forgery (csrf).
security bulletins any; universal cmdb 10.11;
security bulletins
Created:Wed Jun 13 00:00:00 GMT 2018
public
Modified:Fri Jun 15 00:00:00 GMT 2018
published
3. MFSBGN03808 rev.1 - Micro Focus UCMDB, Cross-Site Scripting KM03164778
 
a potential security vulnerability has been identified in micro focus universal cmdb/cms and micro focus ucmdb browser. the vulnerability could be remotely exploited to allow cross-site scripting (xss). a potential security vulnerability has been identified in micro focus universal cmdb/cms and micro focus ucmdb browser. the vulnerability could be remotely exploited to allow cross-site scripting (xss).
security bulletins any; universal cmdb 10.20 10.21 10.22 10.30 10.31 10.32 10.33 11.00 ;
security bulletins
Created:Tue May 22 00:00:00 GMT 2018
public
Modified:Wed May 23 00:00:00 GMT 2018
published
4. MFSBGN03807 rev.1 - HP Service Manager Software, Multiple Vulnerabilities KM03158656
 
a potential security vulnerability has been identified with service manager. the vulnerability could be exploited to perform sql injection against the service manager web tier which may lead to unauthorized disclosure of data. a potential security vulnerability has been identified with service manager. the vulnerability could be exploited to perform sql injection against the service manager web tier which may lead to unauthorized disclosure of data.
security bulletins ; service manager ;
security bulletins
Created:Thu May 10 00:00:00 GMT 2018
public
Modified:Mon May 14 00:00:00 GMT 2018
published
5. MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information KM03158629
 
a potential vulnerability has been identified in 3rd party component used by micro focus virtualization performance viewer (vpv) / cloud optimizer virtual appliance. the vulnerability could be exploited to local disclosure of information. a potential vulnerability has been identified in 3rd party component used by micro focus virtualization performance viewer (vpv) / cloud optimizer virtual appliance. the vulnerability could be exploited to local disclosure of information.
cloud optimizer 2.20 3.00 3.01 3.02 3.03 ; performance ; security bulletins ;
security bulletins
Created:Thu May 10 00:00:00 GMT 2018
public
Modified:Mon May 14 00:00:00 GMT 2018
published
6. MFSBGN03805 - HP Service Manager, Remote Disclosure of Information KM03158613
 
a potential security vulnerability has been identified in service manager. this vulnerability may allow an exploit against a long-duration encrypted session known as the sweet32 attack, and which may be exploited remotely. a potential security vulnerability has been identified in service manager. this vulnerability may allow an exploit against a long-duration encrypted session known as the sweet32 attack, and which may be exploited remotely.
security bulletins ; service manager ;
security bulletins
Created:Thu May 10 00:00:00 GMT 2018
public
Modified:Mon May 14 00:00:00 GMT 2018
published
7. MFSBGN03804 - HP Service Manager Software, Remote Disclosure of Information KM03158061
 
potential security vulnerabilities have been identified with service manager. these vulnerabilities have been identified in the openssl open source library component and may be exploited to cause disruption of service and unauthorized disclosure of information. potential security vulnerabilities have been identified with service manager. these vulnerabilities have been identified in the openssl open source library component and may be exploited to cause disruption of service and unauthorized disclosure of information.
security bulletins ; service manager ;
security bulletins
Created:Wed May 09 00:00:00 GMT 2018
public
Modified:Mon May 14 00:00:00 GMT 2018
published
8. MFSBGN03806 rev.1 - HP Network Automation Software, Network Operations Management (NOM) Suite, Multiple Vulnerabilities KM03158014
 
a potential security vulnerability has been identified in micro focus network automation and network operations management (nom) suite. the vulnerabilities could be remotely exploited to allow sql injection, persist cross-site scripting, and non-persistent html injection. a potential security vulnerability has been identified in micro focus network automation and network operations management (nom) suite. the vulnerabilities could be remotely exploited to allow sql injection, persist cross-site scripting, and non-persistent html injection.
network automation 10.00 10.10 10.11 10.20 10.30 10.40 10.50 ; network operations management ultimate 2017.07 2017.11 2018.02 ; security bulletins any;
security bulletins
Created:Wed May 09 00:00:00 GMT 2018
public
Modified:Mon May 14 00:00:00 GMT 2018
published
9. MFSBGN03803 rev.1 - UCMDB, Installation File Access Control Privilege Escalation Vulnerability KM03141180
 
a potential security vulnerability has been identified in micro focus ucmdb. the vulnerability could be remotely exploited to local escalation of privilege. a potential security vulnerability has been identified in micro focus ucmdb. the vulnerability could be remotely exploited to local escalation of privilege.
security bulletins any; universal cmdb 10.20 10.21 10.22 10.30 10.31 10.32 10.33 11.00 ;
security bulletins
Created:Wed Apr 11 00:00:00 GMT 2018
public
Modified:Mon Apr 16 00:00:00 GMT 2018
published
10. MFSBGN03802 - Virtualization Performance Viewer (vPV) / Cloud Optimizer, Local Disclosure of Information KM03140487
 
a potential vulnerability has been identified in micro focus virtualization performance viewer (vpv) / cloud optimizer. the vulnerability could be exploited to local disclosure of information. a potential vulnerability has been identified in micro focus virtualization performance viewer (vpv) / cloud optimizer. the vulnerability could be exploited to local disclosure of information.
cloud optimizer 2.20 3.00 3.01 3.02 3.03 ; security bulletins any;
security bulletins
Created:Tue Apr 10 00:00:00 GMT 2018
public
Modified:Thu Apr 12 00:00:00 GMT 2018
published
11. MFSBGN03801 rev.1 - Micro Focus Operations Orchestration, Remote Denial of Service (DoS) KM03103896
 
a potential security vulnerability has been identified in micro focus operations orchestration. the vulnerability could be remotely exploited to allow denial of service (dos). a potential security vulnerability has been identified in micro focus operations orchestration. the vulnerability could be remotely exploited to allow denial of service (dos).
operations orchestration ; security bulletins any;
security bulletins
Created:Mon Feb 26 00:00:00 GMT 2018
public
Modified:Thu Mar 01 00:00:00 GMT 2018
published
12. MFSBGN03794 rev.2 - Micro Focus Operations Agent Multiple vulnerabilities KM03060544
 
a potential security vulnerabilities has been identified in micro focus operations agent. the vulnerabilities could be remotely exploited to remote disclosure of information. at this time micro focus alarm manager uses a vulnerable encryption infrastructure. a potential security vulnerabilities has been identified in micro focus operations agent. the vulnerabilities could be remotely exploited to remote disclosure of information. at this time micro focus alarm manager uses a vulnerable encryption infrastructure.
operations agent 12.00 12.01 ; security bulletins any;
security bulletins
Created:Thu Dec 21 00:00:00 GMT 2017
public
Modified:Wed Feb 28 00:00:00 GMT 2018
published
13. MFSBGN03793 rev.3 - Project and Portfolio Management Center, Multiple vulnerabilities KM03014426
 
a potential security vulnerability has been identified in micro focus project and portfolio management center. this vulnerability could be remotely exploited to execute a man-in-the-middle (mitm) attack, cross-site request forgery (csrf), and xml external entity (xxe). a potential security vulnerability has been identified in micro focus project and portfolio management center. this vulnerability could be remotely exploited to execute a man-in-the-middle (mitm) attack, cross-site request forgery (csrf), and xml external entity (xxe).
project and portfolio management 9.32; security bulletins any;
security bulletins
Created:Tue Nov 14 00:00:00 GMT 2017
public
Modified:Thu Feb 22 00:00:00 GMT 2018
published
14. MFSBGN03798 rev.1 - Micro Focus UCMDB-Browser, Apache Struts Instance KM03086019
 
a potential security vulnerability has been identified in micro focus universal cmdb. the vulnerability could be remotely exploited to allow arbitrary code execution. a potential security vulnerability has been identified in micro focus universal cmdb. the vulnerability could be remotely exploited to allow arbitrary code execution.
security bulletins any; universal cmdb ;
security bulletins
Created:Fri Feb 02 00:00:00 GMT 2018
public
Modified:Wed Feb 21 00:00:00 GMT 2018
published
15. MFSBGN03799 rev.1 - Micro Focus UCMDB, Remote Disclosure of Information KM03091097
 
a potential vulnerability has been identified in micro focus ucmdb. the vulnerability could be remotely exploited to allow disclosure of information. a potential vulnerability has been identified in micro focus ucmdb. the vulnerability could be remotely exploited to allow disclosure of information.
security bulletins any; universal cmdb 10.10 10.11 10.20 10.21 10.30 10.31 4.1 ;
security bulletins
Created:Thu Feb 08 00:00:00 GMT 2018
public
Modified:Tue Feb 20 00:00:00 GMT 2018
published
16. MFSBGN03800 rev.1 - Micro Focus Performance Center, Remote Arbitrary Code Execution or Remote Arbitrary File Modification KM03091103
 
a potential vulnerability has been identified in micro focus performance center. the vulnerability could be exploited to remote arbitrary file modification or remote arbitrary code execution. a potential vulnerability has been identified in micro focus performance center. the vulnerability could be exploited to remote arbitrary file modification or remote arbitrary code execution.
performance center ; security bulletins any;
security bulletins
Created:Thu Feb 08 00:00:00 GMT 2018
public
Modified:Tue Feb 13 00:00:00 GMT 2018
published
17. MFSBGN03797 rev.1 - Micro Focus Fortify Audit Workbench (AWB) and Micro Focus Fortify Software Security Center (SSC), XML External Entity Injection KM03083653
 
a potential security vulnerability has been identified in micro focus fortify audit workbench (awb) and micro focus fortify software security center (ssc). the vulnerability could be exploited to allow xml external entity (xxe) injection. a potential security vulnerability has been identified in micro focus fortify audit workbench (awb) and micro focus fortify software security center (ssc). the vulnerability could be exploited to allow xml external entity (xxe) injection.
fortify software security center ; security bulletins any;
security bulletins
Created:Tue Jan 30 00:00:00 GMT 2018
public
Modified:Thu Feb 01 00:00:00 GMT 2018
published
18. MFSBGN03795 rev.1 - Micro Focus Operations Manager i - Remote Cross-Site Scripting (XSS) KM03060545
 
a potential security vulnerability has been identified in micro focus operations manager i. the vulnerability could be remotely exploited to allow cross-site scripting (xss). a potential security vulnerability has been identified in micro focus operations manager i. the vulnerability could be remotely exploited to allow cross-site scripting (xss).
operations manager i 10.60 10.61 10.62 ; security bulletins any;
security bulletins
Created:Thu Dec 21 00:00:00 GMT 2017
public
Modified:Tue Jan 09 00:00:00 GMT 2018
published
19. MFSBGN03791 rev.1 - HPE Content Manager Workgroup Service, Denial of Service (DoS) KM03006302
 
a potential security vulnerability has been identified in hpe content manager workgroup service. the vulnerability could be remotely exploited to allow denial of service (dos). a potential security vulnerability has been identified in hpe content manager workgroup service. the vulnerability could be remotely exploited to allow denial of service (dos).
content manager (hpe rm) 9.00; security bulletins any;
security bulletins
Created:Thu Nov 02 00:00:00 GMT 2017
public
Modified:Tue Jan 09 00:00:00 GMT 2018
published
20. MFSBGN03788 rev.1 - HPE Performance Center, Remote Cross-Site Scripting (XSS) KM02996754
 
a potential security vulnerability has been identified in hpe performance center. the vulnerability could be remotely exploited to allow cross-site scripting (xss). a potential security vulnerability has been identified in hpe performance center. the vulnerability could be remotely exploited to allow cross-site scripting (xss).
performance center 12.20; security bulletins any;
security bulletins
Created:Tue Oct 24 00:00:00 GMT 2017
public
Modified:Thu Nov 02 00:00:00 GMT 2017
published