   Micro Focus Enterprise Software Vulnerability Alerts

 

Micro Focus incorporates IT industry best practices during the product development lifecycle to ensure a strong focus on security. Micro Focus engineering and manufacturing practices are designed to meet product security requirements, protect Micro Focus intellectual property, and support Micro Focus product warranty requirements.

When a new industry-wide security vulnerability is released, Micro Focus investigates its product line to determine the impact. For impacted products, Security Bulletins will be published. These bulletins will contain impacted product versions and the resolution (patch, upgrade, or configuration change).

You may subscribe to receive real-time notifications on future Micro Focus Security Bulletins and advisories for your products.

Recent Documents

1. KM03525630 - Data Protector Local privilege escalation via omniresolve - CVE-2019-11660

A potential vulnerability has been identified in Micro Focus Data Protector. The vulnerability could be exploited by a low-privileged user to execute a custom binary with higher privileges.
data protector 10.00 10.01 10.02 10.03 10.04 10.10 10.20 10.30 10.40 ; security bulletins any;
security bulletins
Created:Fri Sep 13 00:00:00 GMT 2019
public
Modified:Fri Sep 13 00:00:00 GMT 2019
published
2. KM03518793 - Service Manager verification of Windows .EXE product files - CVE-2019-11670

Vulnerability summary: A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to prevent the verification of Windows .EXE product files provided by Micro Focus.
security bulletins any; service manager 9.62;
security bulletins
Created:Tue Sep 10 00:00:00 GMT 2019
public
Modified:Tue Sep 10 00:00:00 GMT 2019
published
3. KM03518316 - Service Manager vulnerabilities - CVE-2019-11661, CVE-2019-11662, CVE-2019-11663, CVE-2019-11664, CVE-2019-11665, CVE-2019-11666, CVE-2018-0732, CVE-2018-0737

Potential vulnerabilities have been identified in Service Manager:
* Can be exploited to allow unauthorized access and modification of data.
* Can be exploited in some special cases to allow information exposure through an error message.
* Can be exploited to allow sensitive data exposure.
* The vulnerability could be exploited to allow a denial of service and sensitive data exposure.
* The vulnerability could be exploited to allow insecure deserialization of untrusted data.
security bulletins any; service manager 9.30 9.31 9.32 9.33 9.34 9.35 9.40 9.41 9.50 9.51 9.52 9.60 9.61 9.62 ;
security bulletins
Created:Mon Sep 09 00:00:00 GMT 2019
public
Modified:Mon Sep 09 00:00:00 GMT 2019
published
4. KM03517334 - Service Manager Modifiable read only check box in FF - CVE-2019-11669

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow unauthorized modification of data.
security bulletins any; service manager 9.60 9.61 9.62 ;
security bulletins
Created:Fri Sep 06 00:00:00 GMT 2019
public
Modified:Fri Sep 06 00:00:00 GMT 2019
published
5. KM03517335 - Service Manager HTTP cookie vulnerability - CVE-2019-11668

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow access to sensitive data on the client side.
security bulletins any; service manager 9.30 9.31 9.32 9.33 9.34 9.35 9.40 9.41 9.50 9.51 9.52 9.60 9.61 9.62 ;
security bulletins
Created:Fri Sep 06 00:00:00 GMT 2019
public
Modified:Fri Sep 06 00:00:00 GMT 2019
published
6. KM03517346 - Service Manager unauthorized access to contact information - CVE-2019-11667

A potential vulnerability has been identified in Service Manager. The vulnerability could be exploited to allow unauthorized access to private data.
security bulletins any; service manager 9.41 9.50 9.51 9.52 9.60 9.61 9.62 ;
security bulletins
Created:Fri Sep 06 00:00:00 GMT 2019
public
Modified:Fri Sep 06 00:00:00 GMT 2019
published
7. KM03515374 - Service Management Automation SMA - kubectl creates world-writeable schemas - CVE-2019-11244

A vulnerability in a Kubernetes component used by the Micro Focus CDF platform was addressed by Micro Focus Service Management Automation (SMA). The vulnerability, which originates from the Kubernetes component, could be exploited to allow unauthorized modification of data and denial of service. However, after analysis, Micro Focus R&D teams have determined that the shipping out-of-the-box configuration of the Kubernetes component that supports SMA is actually not vulnerable; that is, the kubectl command is not run in such a way as to cause the vulnerability out of the box. However, because customers may run custom commands with the affected kubectl after the product is installed and deployed, Micro Focus has issued this security bulletin for customers to take action.
security bulletins any; service management automation ; sm automation containerized 2018.02 2018.05 2018.08 2018.11 2019.02 2019.05 2019.08 ;
security bulletins
Created:Thu Sep 05 00:00:00 GMT 2019
public
Modified:Thu Sep 05 00:00:00 GMT 2019
published
8. KM03496282 - Information exposure vulnerability in Content Manager CVE-2019-11658

An information exposure vulnerability in Content Manager 9.1 prior to 9.1 patch 6 hotfix 6, 9.2 prior to 9.2 patch 3 hotfix 2 and 9.3 prior to 9.3 patch 2 hotfix 3, when configured to use an Oracle database, allows valid system users to gain access to a limited subset of records they would not normally be able to access when the system is in an undisclosed abnormal state.
content manager 9.10 9.20 9.30 ; security bulletins any;
security bulletins
Created:Fri Aug 23 00:00:00 GMT 2019
public
Modified:Fri Aug 23 00:00:00 GMT 2019
published
9. KM03459854 - Micro Focus Service Manager, CVE-2017-7525, CVE-2017-15095, CVE-2018-7489

A potential security vulnerability has been identified with Service Manager. The vulnerability could be exploited to allow unauthenticated remote code execution against the Service Manager web tier.
security bulletins any; service manager 9.50 9.51 9.52 9.60 ;
security bulletins
Created:Thu Jun 13 00:00:00 GMT 2019
public
Modified:Tue Aug 13 00:00:00 GMT 2019
published
10. KM03489552 - Micro Focus Content Manager, CVE-2019-11653

An access control bypass vulnerability has been identified in the web client component of Content Manager, affecting version 9.1 prior to 9.1.6.6, 9.2 prior to 9.2.3.2 and 9.3 prior to 9.3.2.3. The vulnerability could be exploited to manipulate data stored during another user's check-in request.

Existing mitigation information: Successfully exploiting the vulnerability requires the attacker to have access to generally protected or inaccessible information, including having an active user account themselves, knowledge of internal identifiers of targeted user(s), and the names of files other users are actively operating against. In addition, the attacker has a limited time window to exploit the vulnerability during concurrent user activity, which can be further minimized by the system administrator via configuration.
content manager 9.10 9.20 9.30 ; security bulletins any;
security bulletins
Created:Tue Aug 06 00:00:00 GMT 2019
public
Modified:Tue Aug 13 00:00:00 GMT 2019
published
11. KM03461174 - Micro Focus Fortify Software Security Center Server, CVE-2019-11649

A potential cross-site scripting vulnerability has been identified in Micro Focus Fortify Software Security Center Server. The vulnerability could be exploited to execute JavaScript code in a user's browser.
fortify software security center server 17.20 18.10 18.20 ; security bulletins any;
security bulletins
Created:Mon Jun 17 00:00:00 GMT 2019
public
Modified:Thu Jun 20 00:00:00 GMT 2019
published
12. KM03459924 - Micro Focus Service Manager, CVE-2016-5000

A potential security vulnerability has been identified with Service Manager. The vulnerability could be exploited to allow remote attackers to read arbitrary files via a crafted OpenXML document containing an external entity declaration in conjunction with an entity reference against the Service Manager server and web tier.
security bulletins any; service manager 9.30 9.31 9.32 9.33 9.34 9.35 9.40 9.41 9.50 9.51 9.52 9.60 9.61 ;
security bulletins
Created:Thu Jun 13 00:00:00 GMT 2019
public
Modified:Thu Jun 13 00:00:00 GMT 2019
published
13. KM03452977 - Micro Focus Service Manager, CVE-2019-11646

A potential security vulnerability has been identified with Service Manager. This vulnerability may result in unauthorized command execution and unauthorized disclosure of information.
security bulletins any; service manager 9.30 9.31 9.32 9.33 9.34 9.35 9.40 9.41 9.50 9.51 9.52 9.60 9.61 ;
security bulletins
Created:Mon Jun 03 00:00:00 GMT 2019
public
Modified:Mon Jun 03 00:00:00 GMT 2019
published
14. MFSBGN03846 rev.1 - Micro Focus Service Management Automation (SMA), CVE-2019-5736 KM03410944

A vulnerability in docker-runc was addressed by Micro Focus Service Management Automation (SMA). The vulnerability could be exploited to cause local unauthorized disclosure of information, local unauthorized modification and local disruption of service.
security bulletins any; sm automation containerized 2018.02 2018.05 2018.08 2018.11 ;
security bulletins
Created:Sun May 05 00:00:00 GMT 2019
public
Modified:Sun May 05 00:00:00 GMT 2019
published
15. HPESBGN03740 rev.1 - HPE Network Automation, Multiple Remote Vulnerabilities KM02994342

Potential security vulnerabilities have been identified in HPE Network Automation. The vulnerabilities could be remotely exploited to allow SQL injection, code execution, information disclosure, authentication bypass, elevated privilege execution, and invalid session management.
network automation ; security bulletins any;
security bulletins
Created:Fri Oct 20 00:00:00 GMT 2017
public
Modified:Fri May 03 00:00:00 GMT 2019
published
16. MFSBGN03845 rev.1 - Micro Focus Network Automation and Micro Focus Network Operations Management (NOM), Remote Code Execution KM03407763

A potential security vulnerability has been identified in Micro Focus Network Automation and Micro Focus Network Operations Management (NOM). The vulnerability could be remotely exploited to achieve remote code execution.
network automation 10.00 10.10 10.20 10.30 10.40 10.50 2018.05 2018.08 2018.11 9.20 9.21 ; network operations management all ; security bulletins any;
security bulletins
Created:Sun Apr 28 00:00:00 GMT 2019
public
Modified:Sun Apr 28 00:00:00 GMT 2019
published
17. MFSBGN03843 rev.1 - Micro Focus Content Manager, Remote upload content to arbitrary locations KM03359911

An unauthenticated file upload vulnerability has been identified in the web client component of Content Manager when configured to use the ADFS authentication method. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to arbitrary locations on the Content Manager server.
content manager 9.10 9.20 9.30 ; security bulletins any;
security bulletins
Created:Sun Mar 17 00:00:00 GMT 2019
public
Modified:Thu Mar 28 00:00:00 GMT 2019
published
18. MFSBGN03842 rev.1 - Micro Focus ArcSight Logger, Multiple Vulnerabilities KM03355866

This bulletin covers multiple potential vulnerabilities that have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be exploited to cause remote code execution, stored/reflected XSS, XML external entity parsing, directory traversal and disclosure of information.
arcsight logger software 5.0 5.1 5.2 5.3 5.5 6.0 6.1 6.11 6.21 6.3 6.31 6.4 6.41 6.5 6.6 6.61 ; security bulletins any;
security bulletins
Created:Mon Mar 11 00:00:00 GMT 2019
public
Modified:Mon Mar 11 00:00:00 GMT 2019
published
19. MFSBGN03840 rev.1 - Data Protector, Remote Arbitrary Code Execution KM03337614

A potential security vulnerability has been identified in Micro Focus Data Protector. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Micro Focus Data Protector.
data protector 10.03; security bulletins any;
security bulletins
Created:Wed Feb 20 00:00:00 GMT 2019
public
Modified:Wed Feb 20 00:00:00 GMT 2019
published
20. MFSBGN03839 rev.1 - Service Management Automation (SMA), Kubernetes vulnerability CVE-2018-1002105 KM03325912

A vulnerability in Kubernetes used in the CDF component was addressed by Service Management Automation (SMA)-SM. The vulnerability could be exploited to allow unauthorized disclosure of information, unauthorized modification and disruption of service.
security bulletins any; sm automation containerized 2017.04 2017.07 2017.11 2018.02 2018.05 2018.08 ;
security bulletins
Created:Tue Jan 29 00:00:00 GMT 2019
public
Modified:Tue Jan 29 00:00:00 GMT 2019
published