Self-Solve Knowledge Search

We found 378 results
Vulnerabilities were found in third-party components used by the Micro Focus Service Management Automation (SMA) product. These vulnerabilities could be exploited, resulting in remote code execution or unauthorized access to information. For more details on these individual issues, please reference the CVE IDs and links below.
security bulletins any; service management automation ;
security bulletins
public
published
Created: 2020-09-25
Modified: 2020-09-25
Multiple vulnerabilities have been identified for Micro Focus Operations Bridge Reporter (OBR). The vulnerabilities could lead to unauthorized access to the OBR server. CVE-2020-11855: a vulnerability allows local attackers on the OBR host to execute code with escalated privileges. CVE-2020-11856: a vulnerability allows remote attackers to execute arbitrary code on affected installations of OBR. CVE-2020-11857: a vulnerability allows remote attackers to access the OBR host as a non-admin user.
operations bridge reporter 10.00 10.01 10.02 10.10 10.20 10.21 10.22 10.30 10.31 10.40 ; security bulletins any;
security bulletins
public
published
Created: 2020-09-21
Modified: 2020-09-22
A potential vulnerability has been identified in the Glance module of Operations Agent. The vulnerability could be exploited to escalate local privileges and gain root access on the system.
operations agent 12.10 12.11 ; security bulletins any;
security bulletins
public
published
Created: 2020-09-17
Modified: 2020-09-18
A potential vulnerability has been identified in Micro Focus ArcSight Enterprise Security Manager. The vulnerability could be remotely exploited resulting in cross-site scripting (XSS).
arcsight enterprise security manager 7.0 7.2 ; security bulletins any;
security bulletins
public
published
Created: 2020-06-09
Modified: 2020-07-14
A vulnerability in Apache Tomcat was addressed by Operations Bridge Manager. The vulnerability could be exploited to cause file content disclosure of the web application or remote code execution. When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this connector would be disabled if not required. This vulnerability report identified a mechanism that allowed returning arbitrary files from anywhere in the web application and processing any file in the web application as a JSP. Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defense-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1938
operations bridge manager 10.12 10.60 10.61 10.62 10.63 2018.05 2018.11 2019.05 2019.11 ; security bulletins any;
security bulletins
public
published
Created: 2020-03-31
Modified: 2020-07-10
A potential vulnerability has been identified in some components that ship with Hybrid Cloud Management. The vulnerability could be exploited to cause file content disclosure of the web application or remote code execution.
hybrid cloud management containerized 2018.05 2018.08 2018.11 2019.02 2019.05 2019.08 2019.11 ; security bulletins any;
security bulletins
public
published
Created: 2020-07-10
Modified: 2020-07-10
A potential vulnerability has been identified in a component that integrates with Cloud Service Automation. The vulnerability could be exploited to cause file content disclosure of the web application or remote code execution.
cloud service automation 4.70 4.80 4.92 4.94 4.95 4.99 ; security bulletins any;
security bulletins
public
published
Created: 2020-07-08
Modified: 2020-07-08
Potential vulnerabilities have been identified in Micro Focus ArcSight Management Center. The vulnerabilities could be remotely exploited resulting in cross-site scripting (XSS) or information disclosure.
arcsight management center 2.61 2.7 2.8 2.81 2.9 2.91 2.92 2.93 ; security bulletins any;
security bulletins
public
published
Created: 2020-06-09
Modified: 2020-06-09
A potential vulnerability has been identified in Micro Focus ArcSight Logger. The vulnerability could be remotely exploited resulting in cross-site scripting (XSS).
arcsight logger software 6.61 6.7 6.71 6.9.1 7.0 ; security bulletins any;
security bulletins
public
published
Created: 2020-06-09
Modified: 2020-06-09
A potential vulnerability has been identified in the Micro Focus Container Deployment Foundation component that ships with some Micro Focus ArcSight products. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
arcsight enterprise security manager 7.2.1; arcsight interset standard edition ; arcsight investigate 2.40 3.00 3.10 ; arcsight transformation hub 3.00 3.10 3.20 ; security bulletins any;
security bulletins
public
published
Created: 2020-05-28
Modified: 2020-05-29

Products

   
  • loadrunner professional (8)
  • arcsight enterprise security manager (7)
  • universal cmdb config mgr (6)
  • arcsight logger software (5)
  • operations orchestration (5)
  • project and portfolio management (5)
  • service management automation (5)
  • sm automation containerized (5)
  • discovery and dependency mapping inventory (4)
  • operations bridge containerized (4)
  • arcsight management center (3)
  • business process monitor (3)
  • cloud service automation (3)
  • enterprise developer/enterprise server (3)
  • hybrid cloud management containerized (3)
  • business process insight (2)
  • data center automation-e containerized (2)
  • data center automation-p containerized (2)
  • fortify software security center server (2)
  • network operations management all (2)
  • network operations management ultimate (2)
  • operations bridge reporter (2)
  • operations manager for linux (2)
  • operations manager for unix (2)
  • operations manager for windows (2)
  • application performance management (bac) (1)
  • arcsight interset standard edition (1)
  • arcsight smart connectors (1)
  • arcsight transformation hub (1)
  • continuous delivery automation (1)
  • data center automation suite-express (1)
  • database and middleware automation (1)
  • fortify software security center (1)
  • hybrid cloud management all (1)
  • network node manager i ultimate (1)
  • network operations management express (1)
  • network operations management premium (1)
  • operations bridge analytics (1)
  • operations bridge manager (1)
  • service health analyzer (1)
  • solutions business manager (sbm) (1)
  • unified functional testing (1)
