Scroll to Top
 

Micro Focus Email

Send E-mail

 

   Micro Focus Enterprise Software Vulnerability Alerts

 

Micro Focus incorporates IT industry best practices during the product development lifecycle to ensure a strong focus on security. Micro Focus engineering and manufacturing practices are designed to meet product security requirements, protect Micro Focus intellectual property, and support Micro Focus product warranty requirements.

When a new industry-wide security vulnerability is released, Micro Focus investigates its product line to determine the impact. For impacted products, Security Bulletins will be published. These bulletins will contain impacted product versions and the resolution (patch, upgrade, or configuration change).

You may subscribe to receive real-time notifications on future Micro Focus Security Bulletins and advisories for your products - Subscribe to alerts for your products.

Recent Documents

1. MFSBGN03834 rev.1 - Fortify Software Security Center (SSC), Remote Unauthorized Access KM03298201
 
the ssc rest api contains insecure direct object reference (idor) vulnerabilities that allow authenticated users access to arbitrary details of the local and ldap users via post method and to arbitrary details of other user's fortify projects via get method. the ssc rest api contains insecure direct object reference (idor) vulnerabilities that allow authenticated users access to arbitrary details of the local and ldap users via post method and to arbitrary details of other user's fortify projects via get method.
fortify software security center server 17.10 17.20 18.10 ; security bulletins any;
security bulletins
Created:Thu Dec 06 00:00:00 GMT 2018
public
Modified:Wed Dec 12 00:00:00 GMT 2018
published
2. MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities KM03302206
 
a vulnerabilities in apache tomcat was addressed by micro focus network node manager i. the vulnerability could be exploited remote cross-site scripting (xss) and remote disclosure of information a vulnerabilities in apache tomcat was addressed by micro focus network node manager i. the vulnerability could be exploited remote cross-site scripting (xss) and remote disclosure of information
network node manager i ultimate na; security bulletins any;
security bulletins
Created:Wed Dec 12 00:00:00 GMT 2018
public
Modified:Wed Dec 12 00:00:00 GMT 2018
published
3. MFSBGN03831 rev. - Service Management Automation, remote disclosure of information KM03286178
 
a potential vulnerability has been identified in micro focus service management automation.  the vulnerability could be exploited to remote disclosure of information a potential vulnerability has been identified in micro focus service management automation.  the vulnerability could be exploited to remote disclosure of information
security bulletins any; sm automation containerized 2017.11 2018.02 2018.05 ;
security bulletins
Created:Mon Nov 12 00:00:00 GMT 2018
public
Modified:Mon Nov 12 00:00:00 GMT 2018
published
4. MFSBGN03830 rev.1 - Service Manager, unauthorized disclosure of information KM03286177
 
a potential security vulnerability has been identified with service manager the vulnerability could be exploited to unauthorized disclosure of information a potential security vulnerability has been identified with service manager the vulnerability could be exploited to unauthorized disclosure of information
security bulletins any; service manager 9.30 9.31 9.32 9.33 9.34 9.35 9.40 9.41 9.50 9.51 ;
security bulletins
Created:Mon Nov 12 00:00:00 GMT 2018
public
Modified:Mon Nov 12 00:00:00 GMT 2018
published
5. MFSBGN03823 rev.1 - Micro Focus Service Manager, unauthorized disclosure of data KM03286176
 
a potential vulnerability has been identified in micro focus service manager. the vulnerability could be exploited to unauthorized disclosure of data. a potential vulnerability has been identified in micro focus service manager. the vulnerability could be exploited to unauthorized disclosure of data.
security bulletins any; service manager 9.30 9.31 9.32 9.33 9.34 9.35 9.40 9.41 9.50 9.51 ;
security bulletins
Created:Mon Nov 12 00:00:00 GMT 2018
public
Modified:Mon Nov 12 00:00:00 GMT 2018
published
6. MFSBGN03829 rev.1 - Micro Focus Operation Bridge Containerized Suite, Remote Code Execution KM03283416
 
a potential vulnerability has been identified in the operations bridge manager capability of the micro focus operations bridge containerized suite. the vulnerability could be exploited to remote code execution and information disclosure. a potential vulnerability has been identified in the operations bridge manager capability of the micro focus operations bridge containerized suite. the vulnerability could be exploited to remote code execution and information disclosure.
operations bridge containerized 2017.11 2018.02 2018.05 2018.08 ; security bulletins any;
security bulletins
Created:Wed Nov 07 00:00:00 GMT 2018
public
Modified:Wed Nov 07 00:00:00 GMT 2018
published
7. MFSBGN03827 rev.1 - Microfocus Real User Monitoring 9.4.0 BPRDownload Java Deserialization Vulnerability KM03272900
 
a potential vulnerability has been identified in micro focus' real user monitoring software. the vulnerability could be exploited to execute arbitrary. a potential vulnerability has been identified in micro focus' real user monitoring software. the vulnerability could be exploited to execute arbitrary.
real user monitor 9.26 9.30 9.40 9.50 ; security bulletins any;
security bulletins
Created:Fri Oct 19 00:00:00 GMT 2018
public
Modified:Tue Oct 23 00:00:00 GMT 2018
published
8. MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability KM03245142
 
potential security vulnerabilities have been identified in arcsight management center (arcmc). these vulnerabilities could be remotely exploited to allow: * csrf, * xss, * arbitrary file download, * disclosure of information, * access restriction bypass, * directory traversal potential security vulnerabilities have been identified in arcsight management center (arcmc). these vulnerabilities could be remotely exploited to allow: * csrf, * xss, * arbitrary file download, * disclosure of information, * access restriction bypass, * directory traversal
arcsight management center 1.0 2.0 2.1 2.2 2.21 2.5 2.51 2.6 2.61 2.7 2.8 ; security bulletins any;
security bulletins
Created:Tue Sep 11 00:00:00 GMT 2018
public
Modified:Wed Sep 19 00:00:00 GMT 2018
published
9. MFSBGN03813 rev.1 - Network Operations Management (NOM) Suite CDF, Remote Code Execution KM03236632
 
a potential vulnerabilities has been identified in micro focus autopass license server (apls) and container deployment foundation (cdf) available as part of micro focus network operations management (nom) suite cdf. the vulnerabilities could be exploited to remote code execution. a potential vulnerabilities has been identified in micro focus autopass license server (apls) and container deployment foundation (cdf) available as part of micro focus network operations management (nom) suite cdf. the vulnerabilities could be exploited to remote code execution.
network operations management express 2017.11 2018.02 2018.05 ; network operations management premium 2017.11 2018.02 2018.05 ; network operations management ultimate 2017.11 2018.02 2018.05 ; security bulletins any;
security bulletins
Created:Thu Aug 30 00:00:00 GMT 2018
public
Modified:Thu Aug 30 00:00:00 GMT 2018
published
10. MFSBGN03822 rev.1 - Micro Focus Network Virtualization (NV) with floating licenses, Micro Focus Unified Functional Testing (UFT) with floating licenses and Micro Focus Service Virtualization (SV) with floating licenses, remote code execution KM03236726
 
a potential vulnerability has been identified in autopass license server (apls) which is a part of the micro focus network virtualization (nv) with floating licenses, micro focus unified functional testing (uft) with floating licenses and micro focus service virtualization (sv) with floating licenses deployment. the vulnerability could be exploited to remote code execution. a potential vulnerability has been identified in autopass license server (apls) which is a part of the micro focus network virtualization (nv) with floating licenses, micro focus unified functional testing (uft) with floating licenses and micro focus service virtualization (sv) with floating licenses deployment. the vulnerability could be exploited to remote code execution.
network virtualization 12.50; security bulletins any; service virtualization 1.00; unified functional testing 12.50;
security bulletins
Created:Thu Aug 30 00:00:00 GMT 2018
public
Modified:Thu Aug 30 00:00:00 GMT 2018
published
11. MFSBGN03821 rev.1 - Micro Focus Hybrid Cloud Management (HCM) containerized suite, Remote Code Execution KM03236725
 
a potential vulnerability has been identified in micro focus container deployment foundation (cdf) available as part of micro focus hybrid cloud management (hcm) containerized suite. the vulnerabilities could be exploited to remote code execution. a potential vulnerability has been identified in micro focus container deployment foundation (cdf) available as part of micro focus hybrid cloud management (hcm) containerized suite. the vulnerabilities could be exploited to remote code execution.
hybrid cloud management containerized 2017.11; security bulletins any;
security bulletins
Created:Thu Aug 30 00:00:00 GMT 2018
public
Modified:Thu Aug 30 00:00:00 GMT 2018
published
12. MFSBGN03820 rev.1 - Micro Focus Hybrid Cloud Management (HCM) containerized suites, remote code execution KM03236722
 
a potential vulnerability has been identified in micro focus autopass license server (apls) available as part of micro focus hybrid cloud management (hcm) containerized suites. the vulnerability could be exploited to remote code execution. a potential vulnerability has been identified in micro focus autopass license server (apls) available as part of micro focus hybrid cloud management (hcm) containerized suites. the vulnerability could be exploited to remote code execution.
hybrid cloud management containerized 2017.08 2017.11 ; security bulletins any;
security bulletins
Created:Thu Aug 30 00:00:00 GMT 2018
public
Modified:Thu Aug 30 00:00:00 GMT 2018
published
13. MFSBGN03818 rev.1 - Micro Focus Operations Bridge containerized suite, Remote Code Execution KM03236678
 
a potential vulnerability has been identified in micro focuscontainer deployment foundation (cdf) available as part of micro focus operations bridge containerized suite. the vulnerabilities could be exploited to remote code execution. a potential vulnerability has been identified in micro focuscontainer deployment foundation (cdf) available as part of micro focus operations bridge containerized suite. the vulnerabilities could be exploited to remote code execution.
operations bridge containerized 2017.11 2018.02 2018.05 ; security bulletins any;
security bulletins
Created:Thu Aug 30 00:00:00 GMT 2018
public
Modified:Thu Aug 30 00:00:00 GMT 2018
published
14. MFSBGN03815 rev.1 - Data Center Automation Containerized (DCA) suite, remote code execution KM03236669
 
a potential vulnerabilities has been identified in micro focus autopass license server (apls) and container deployment foundation (cdf) available as part of micro focus data center automation containerized (dca) suite. the vulnerabilities could be exploited to remote code execution. a potential vulnerabilities has been identified in micro focus autopass license server (apls) and container deployment foundation (cdf) available as part of micro focus data center automation containerized (dca) suite. the vulnerabilities could be exploited to remote code execution.
data center automation suite-express 2017.01 2017.05 2017.08 2017.09 2017.11 2018.02 2018.05 2018.08 ; security bulletins any;
security bulletins
Created:Thu Aug 30 00:00:00 GMT 2018
public
Modified:Thu Aug 30 00:00:00 GMT 2018
published
15. MFSBGN03814 rev.1 - Service Management Automation (SMA) containerized, Remote Code Execution KM03236667
 
a potential vulnerabilities has been identified in micro focus autopass license server (apls) and container deployment foundation (cdf) available as part of micro focus service management automation (sma) containerized suites. the vulnerabilities could be exploited to remote code execution. a potential vulnerabilities has been identified in micro focus autopass license server (apls) and container deployment foundation (cdf) available as part of micro focus service management automation (sma) containerized suites. the vulnerabilities could be exploited to remote code execution.
security bulletins any; sm automation containerized 2017.11 2018.02 2018.05 ;
security bulletins
Created:Thu Aug 30 00:00:00 GMT 2018
public
Modified:Thu Aug 30 00:00:00 GMT 2018
published
16. MFSBGN03816 rev.1 - Operations Bridge containerized suite, Remote Code Execution KM03236648
 
a potential vulnerability has been identified in micro focus autopass license server (apls) available as part of micro focus operations bridge containerized suite. the vulnerabilities could be exploited to remote code execution. a potential vulnerability has been identified in micro focus autopass license server (apls) available as part of micro focus operations bridge containerized suite. the vulnerabilities could be exploited to remote code execution.
operations bridge containerized 2018.05; security bulletins any;
security bulletins
Created:Thu Aug 30 00:00:00 GMT 2018
public
Modified:Thu Aug 30 00:00:00 GMT 2018
published
17. MFSBGN03812 rev.1 - Application Performance Management, remote cross-site tracing KM03235847
 
a potential security vulnerability has been identified in micro focus application performance management. the vulnerability could be remotely exploited to remote cross-site tracing and remote disclosure of information. a potential security vulnerability has been identified in micro focus application performance management. the vulnerability could be remotely exploited to remote cross-site tracing and remote disclosure of information.
application performance management (bac) 9.25 9.26 9.30 9.40 9.50 ; security bulletins any;
security bulletins
Created:Wed Aug 29 00:00:00 GMT 2018
public
Modified:Wed Aug 29 00:00:00 GMT 2018
published
18. MFSBGN03811 rev.1 - Fortify Software Security Center (SSC), Multiple vulnerabilities KM03201563
 
an xml external entity (xxe) vulnerability in fortify software security center (ssc) allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (ssrf) attacks via a crafted dtd in an xml request. an xml external entity (xxe) vulnerability in fortify software security center (ssc) allows remote unauthenticated users to read arbitrary files or conduct server-side request forgery (ssrf) attacks via a crafted dtd in an xml request.
security bulletins any;
security bulletins
Created:Thu Jul 12 00:00:00 GMT 2018
public
Modified:Thu Jul 12 00:00:00 GMT 2018
published
19. MFSBGN03810 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF KM03180069
 
a potential vulnerability has been identified in ucmdb server. this vulnerability could be exploited to deserialization & cross-site request forgery (csrf). a potential vulnerability has been identified in ucmdb server. this vulnerability could be exploited to deserialization & cross-site request forgery (csrf).
security bulletins any;
security bulletins
Created:Wed Jun 13 00:00:00 GMT 2018
public
Modified:Fri Jun 15 00:00:00 GMT 2018
published
20. MFSBGN03809 rev.1 - Universal CMDB, Deserialization Java Objects and CSRF KM03180066
 
a potential vulnerability has been identified in ucmdb browser. this vulnerability could be exploited to deserialization & cross-site request forgery (csrf). a potential vulnerability has been identified in ucmdb browser. this vulnerability could be exploited to deserialization & cross-site request forgery (csrf).
security bulletins any; universal cmdb 10.11;
security bulletins
Created:Wed Jun 13 00:00:00 GMT 2018
public
Modified:Fri Jun 15 00:00:00 GMT 2018
published