Micro Focus Digital Transformation and Enterprise Software Modernization
Products by Micro Focus Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 0 vulnerabilities in Micro Focus. Last year, in 2024, Micro Focus had 46 security vulnerabilities published. Right now, Micro Focus is on track to have fewer security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 46 | 7.72 |
2023 | 13 | 7.48 |
2022 | 15 | 6.15 |
2021 | 37 | 7.04 |
2020 | 28 | 6.99 |
2019 | 34 | 7.29 |
2018 | 37 | 7.68 |
It may take a day or so for new Micro Focus vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Micro Focus Security Vulnerabilities
Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText iManager
CVE-2021-38116
8.8 - High
- November 22, 2024
Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText iManager. This impacts all versions before 3.2.5.
Command Injection
Possible Command Injection in iManager GET parameter has been discovered in OpenText iManager 3.2.6.0000.
CVE-2023-24467
9.8 - Critical
- November 22, 2024
Possible Command Injection in iManager GET parameter has been discovered in OpenText iManager 3.2.6.0000.
Command Injection
Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText iManager 3.2.6.0200.
CVE-2023-24466
9.8 - Critical
- November 22, 2024
Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText iManager 3.2.6.0200.
XXE
Possible XSS in iManager URL for access Component has been discovered in OpenText iManager 3.2.6.0000.
CVE-2022-26324
5.4 - Medium
- November 22, 2024
Possible XSS in iManager URL for access Component has been discovered in OpenText iManager 3.2.6.0000.
XSS
Possible External Service Interaction attack in iManager has been discovered in OpenText iManager 3.2.6.0000.
CVE-2021-38135
9.8 - Critical
- November 22, 2024
Possible External Service Interaction attack in iManager has been discovered in OpenText iManager 3.2.6.0000.
Possible XSS in iManager URL for access Component has been discovered in OpenText iManager 3.2.5.0000.
CVE-2021-38134
6.1 - Medium
- November 22, 2024
Possible XSS in iManager URL for access Component has been discovered in OpenText iManager 3.2.5.0000.
XSS
Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.
CVE-2021-38119
6.1 - Medium
- November 22, 2024
Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.
XSS
Possible improper input validation Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.
CVE-2021-38118
7.8 - High
- November 22, 2024
Possible improper input validation Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.
Possible Command injection Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.
CVE-2021-38117
9.8 - Critical
- November 22, 2024
Possible Command injection Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.
Command Injection
OpenText ArcSight XSS Vulnerability - November 2024
CVE-2024-9841
6.1 - Medium
- November 08, 2024
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
XSS
OpenText iManager XSS via Input Validation
CVE-2020-11859
5.4 - Medium
- November 06, 2024
Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3.
XSS
Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools
CVE-2024-4211
2.4 - Low
- October 16, 2024
Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below.
Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools
CVE-2024-4692
2.4 - Low
- October 16, 2024
Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below.
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools
CVE-2024-4184
8 - High
- October 16, 2024
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below.
XXE
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools
CVE-2024-4189
8 - High
- October 16, 2024
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below.
XXE
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools
CVE-2024-4690
8 - High
- October 16, 2024
Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below.
XXE
Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.3.0000.
CVE-2021-22503
6.1 - Medium
- September 12, 2024
Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.3.0000.
XSS
Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText eDirectory before 9.2.4.0000.
CVE-2021-22532
7.5 - High
- September 12, 2024
Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText eDirectory before 9.2.4.0000.
Allocation of Resources Without Limits or Throttling
Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.4.0000.
CVE-2021-22533
9.1 - Critical
- September 12, 2024
Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.4.0000.
Insertion of Sensitive Information into Log File
Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.5.0000.
CVE-2021-38131
6.1 - Medium
- September 12, 2024
Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.5.0000.
XSS
Possible External Service Interaction attack in eDirectory has been discovered in OpenText eDirectory
CVE-2021-38132
9.8 - Critical
- September 12, 2024
Possible External Service Interaction attack in eDirectory has been discovered in OpenText eDirectory. This impacts all versions before 9.2.6.0000.
SSRF
Possible External Service Interaction attack in eDirectory has been discovered in OpenText eDirectory
CVE-2021-38133
6.5 - Medium
- September 12, 2024
Possible External Service Interaction attack in eDirectory has been discovered in OpenText eDirectory. This impacts all versions before 9.2.6.0000.
Weak Password Requirements
A vulnerability identified in storing and reusing information in Advance Authentication
CVE-2021-22509
6.5 - Medium
- August 28, 2024
A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to an unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1.
Cleartext Storage of Sensitive Information
A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information
CVE-2021-22529
5.5 - Medium
- August 28, 2024
A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication versions before 6.3.5.1.
Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices
CVE-2021-38121
8.8 - High
- August 28, 2024
Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1.
Inadequate Encryption Strength
A Cross-Site Scripting vulnerability identified in NetIQ Advance Authentication
CVE-2021-38122
8.2 - High
- August 28, 2024
A Cross-Site Scripting vulnerability identified in NetIQ Advance Authentication that impacts the server functionality and discloses sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1.
XSS
A vulnerability identified in NetIQ Advance Authentication
CVE-2021-22530
9.9 - Critical
- August 28, 2024
A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when a brute force attack is performed on API-based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication versions before 6.3.5.1.
Improper Restriction of Excessive Authentication Attempts
A vulnerability identified in Advance Authentication
CVE-2021-38120
7.2 - High
- August 28, 2024
A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.
Command Injection
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack
CVE-2024-4554
5.4 - Medium
- August 28, 2024
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1.
XSS
Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario
CVE-2024-4555
7.5 - High
- August 28, 2024
Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1.
Improper Privilege Management
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager
CVE-2024-4556
7.5 - High
- August 28, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access to sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.
Directory traversal
A vulnerability found in OpenText Privileged Access Manager that issues a token
CVE-2020-11846
7.5 - High
- August 21, 2024
A vulnerability found in OpenText Privileged Access Manager that issues a token. On successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.
An SSH-authenticated user accessing the PAM server can execute an OS command to gain full system access using bash
CVE-2020-11847
7.8 - High
- August 21, 2024
An SSH-authenticated user accessing the PAM server can execute an OS command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
Shell injection
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS)
CVE-2020-11850
6.1 - Medium
- August 21, 2024
Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6.
XSS
XML External Entity injection vulnerability found in OpenText iManager 3.2.6.0200
CVE-2024-3969
9.8 - Critical
- May 28, 2024
XML External Entity injection vulnerability found in OpenText iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload.
XXE
Cross-Site Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200
CVE-2024-4429
7.4 - High
- May 28, 2024
Cross-Site Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200. This could lead to sensitive information disclosure.
Session Riding
Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200
CVE-2024-3968
9.8 - Critical
- May 15, 2024
Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
Server Side Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200
CVE-2024-3970
7.5 - High
- May 15, 2024
Server Side Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200. This could lead to sensitive information disclosure by directory traversal.
SSRF
Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200
CVE-2024-3483
9.8 - Critical
- May 15, 2024
Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
Command Injection
Path Traversal found in OpenText iManager 3.2.6.0200
CVE-2024-3484
9.8 - Critical
- May 15, 2024
Path Traversal found in OpenText iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure.
Directory traversal
Server Side Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200
CVE-2024-3485
7.5 - High
- May 15, 2024
Server Side Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200. This could lead to sensitive information disclosure.
SSRF
XML External Entity injection vulnerability found in OpenText iManager 3.2.6.0200
CVE-2024-3486
9.8 - Critical
- May 15, 2024
XML External Entity injection vulnerability found in OpenText iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
XXE
Broken Authentication vulnerability discovered in OpenText iManager 3.2.6.0200
CVE-2024-3487
9.8 - Critical
- May 15, 2024
Broken Authentication vulnerability discovered in OpenText iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.
Authentication
File Upload vulnerability in unauthenticated session found in OpenText iManager 3.2.6.0200
CVE-2024-3488
9.8 - Critical
- May 15, 2024
File Upload vulnerability in unauthenticated session found in OpenText iManager 3.2.6.0200. The vulnerability could allow an attacker to upload a file without authentication.
Unrestricted File Upload
Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200
CVE-2024-3967
9.8 - Critical
- May 15, 2024
Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization.
Marshaling, Unmarshaling
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms
CVE-2024-0622
7.8 - High
- February 15, 2024
Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.
A potential vulnerability has been identified in Micro Focus ArcSight Management Center
CVE-2020-25835
5.4 - Medium
- December 09, 2023
A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS).
XSS
Exposure of Proxy Administrator Credentials: An authenticated administrator equivalent Filr user
CVE-2023-32268
7.2 - High
- December 06, 2023
Exposure of Proxy Administrator Credentials. An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.
Insufficiently Protected Credentials
Incorrect Privilege Assignment vulnerability in OpenText Fortify ScanCentral DAST
CVE-2023-5913
9.8 - Critical
- November 08, 2023
Incorrect Privilege Assignment vulnerability in OpenText Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.
Potential open redirect vulnerability in OpenText Service Management Automation X (SMAX) versions 2020.05
CVE-2023-4964
6.1 - Medium
- October 30, 2023
Potential open redirect vulnerability in OpenText Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and OpenText Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites.
Open Redirect