Self-Solve Knowledge Search

We found 391 results
A vulnerability in Apache Tomcat was addressed by Operations Bridge Manager. The vulnerability could be exploited for file content disclosure of the web application or remote code execution. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP
Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means), then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defense-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1938
operations bridge manager 10.12 10.60 10.61 10.62 10.63 2018.05 2018.11 2019.05 2019.11 ; security bulletins any;
security bulletins
public
published
Created: 2020-03-31
Modified: 2020-07-10
A potential vulnerability has been identified in some components that ship with Hybrid Cloud Management. The vulnerability could be exploited for file content disclosure of the web application or remote code execution.
hybrid cloud management containerized 2018.05 2018.08 2018.11 2019.02 2019.05 2019.08 2019.11 ; security bulletins any;
security bulletins
public
published
Created: 2020-07-10
Modified: 2020-07-10
A potential vulnerability has been identified in a component that integrates with Cloud Service Automation. The vulnerability could be exploited for file content disclosure of the web application or remote code execution.
cloud service automation 4.70 4.80 4.92 4.94 4.95 4.99 ; security bulletins any;
security bulletins
public
published
Created: 2020-07-08
Modified: 2020-07-08
Potential vulnerabilities have been identified in Micro Focus ArcSight Management Center. The vulnerabilities could be remotely exploited, resulting in cross-site scripting (XSS) or information disclosure.
arcsight management center 2.61 2.7 2.8 2.81 2.9 2.91 2.92 2.93 ; security bulletins any;
security bulletins
public
published
Created: 2020-06-09
Modified: 2020-06-09
A potential vulnerability has been identified in Micro Focus ArcSight Enterprise Security Manager. The vulnerability could be remotely exploited, resulting in cross-site scripting (XSS).
arcsight enterprise security manager 7.0 7.2 ; security bulletins any;
security bulletins
public
published
Created: 2020-06-09
Modified: 2020-06-09
A potential vulnerability has been identified in Micro Focus ArcSight Logger. The vulnerability could be remotely exploited, resulting in cross-site scripting (XSS).
arcsight logger software 6.61 6.7 6.71 6.9.1 7.0 ; security bulletins any;
security bulletins
public
published
Created: 2020-06-09
Modified: 2020-06-09
A potential vulnerability has been identified in the Micro Focus Container Deployment Foundation component that ships with some Micro Focus ArcSight products. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
arcsight enterprise security manager 7.2.1; arcsight interset standard edition ; arcsight investigate 2.40 3.00 3.10 ; arcsight transformation hub 3.00 3.10 3.20 ; security bulletins any;
security bulletins
public
published
Created: 2020-05-28
Modified: 2020-05-29
A potential vulnerability has been identified in the Micro Focus Container Deployment Foundation component that ships with Hybrid Cloud Management. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
hybrid cloud management all ; security bulletins any;
security bulletins
public
published
Created: 2020-05-28
Modified: 2020-05-29
A security vulnerability relating to the Apache JServ Protocol (AJP) in Apache Tomcat has been published in an Apache Tomcat security bulletin. The vulnerability could be exploited for file content disclosure of the web application or remote code execution. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP connector enabled by default that listened on all configured IP addresses. This vulnerability report identified a mechanism that allowed:
- returning arbitrary files from anywhere in the web application
- processing any file in the web application as a JSP
Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means), then this, along with the ability to process a file as a JSP, made remote code execution possible. To mitigate this vulnerability, Cloud Optimizer has provided steps for all impacted versions listed below. https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1938
cloud optimizer 3.02 3.03 3.04 ; security bulletins any;
security bulletins
public
published
Created: 2020-05-28
Modified: 2020-05-28
A potential vulnerability has been identified in the Micro Focus Container Deployment Foundation component that ships with SMA. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
security bulletins any; service management automation ;
security bulletins
public
published
Created: 2020-05-28
Modified: 2020-05-28
