Micro Focus Micro Focus Digital Transformation and Enterprise Software Modernization

  1. Vendors
  2. Micro Focus

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Micro Focus product.

RSS Feeds for Micro Focus security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Micro Focus products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Micro Focus Sorted by Most Security Vulnerabilities since 2018

Micro Focus Imanager22 vulnerabilities

Micro Focus Edirectory16 vulnerabilities

Micro Focus Netiq Advanced Authentication11 vulnerabilities

Micro Focus Arcsight Logger9 vulnerabilities

Micro Focus Application Automation Tools9 vulnerabilities

Micro Focus Arcsight Management Center8 vulnerabilities

Micro Focus Enterprise Server6 vulnerabilities

Micro Focus Enterprise Developer6 vulnerabilities

Micro Focus Netiq Access Manager5 vulnerabilities

Micro Focus Filr4 vulnerabilities

Micro Focus Netiq Self Service Password Reset4 vulnerabilities

Micro Focus Operations Agent4 vulnerabilities

Micro Focus Dimensions Cm3 vulnerabilities

Micro Focus Cobol Server2 vulnerabilities

Micro Focus Visual Cobol2 vulnerabilities

Micro Focus Enterprise Test Server2 vulnerabilities

Micro Focus Netiq Privileged Access Manager2 vulnerabilities

Micro Focus Zenworks1 vulnerability

Micro Focus Netiq Advance Authentication1 vulnerability

Micro Focus Arcsight Platform1 vulnerability

Micro Focus Asset Management X1 vulnerability

Micro Focus Fortify Scancentral Dast1 vulnerability

Micro Focus Service Management Automation X1 vulnerability

By the Year

In 2025 there have been 0 vulnerabilities in Micro Focus. Last year, in 2024 Micro Focus had 46 security vulnerabilities published. Right now, Micro Focus is on track to have less security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 46 7.72
2023 13 7.48
2022 15 6.15
2021 37 7.04
2020 28 6.99
2019 34 7.29
2018 37 7.68

It may take a day or so for new Micro Focus vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Micro Focus Security Vulnerabilities

Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText iManager

CVE-2021-38116 8.8 - High - November 22, 2024

Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText iManager. This impacts all versions before 3.2.5

Command Injection

Possible Command Injection in iManager GET parameter has been discovered in OpenText iManager 3.2.6.0000.

CVE-2023-24467 9.8 - Critical - November 22, 2024

Possible Command Injection in iManager GET parameter has been discovered in OpenText iManager 3.2.6.0000.

Command Injection

Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText iManager 3.2.6.0200.

CVE-2023-24466 9.8 - Critical - November 22, 2024

Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText iManager 3.2.6.0200.

XXE

Possible XSS in iManager URL for access Component has been discovered in OpenText iManager 3.2.6.0000.

CVE-2022-26324 5.4 - Medium - November 22, 2024

Possible XSS in iManager URL for access Component has been discovered in OpenText iManager 3.2.6.0000.

XSS

Possible External Service Interaction attack in iManager has been discovered in OpenText iManager 3.2.6.0000.

CVE-2021-38135 9.8 - Critical - November 22, 2024

Possible External Service Interaction attack in iManager has been discovered in OpenText iManager 3.2.6.0000.

Possible XSS in iManager URL for access Component has been discovered in OpenText iManager 3.2.5.0000.

CVE-2021-38134 6.1 - Medium - November 22, 2024

Possible XSS in iManager URL for access Component has been discovered in OpenText iManager 3.2.5.0000.

XSS

Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.

CVE-2021-38119 6.1 - Medium - November 22, 2024

Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.

XSS

Possible improper input validation Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.

CVE-2021-38118 7.8 - High - November 22, 2024

Possible improper input validation Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.

Possible Command injection Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.

CVE-2021-38117 9.8 - Critical - November 22, 2024

Possible Command injection Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.

Command Injection

OpenText ArcSight XSS Vulnerability - November 2024

CVE-2024-9841 6.1 - Medium - November 08, 2024

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.

XSS

OpenText iManager XSS via Input Validation

CVE-2020-11859 5.4 - Medium - November 06, 2024

Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3

XSS

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools

CVE-2024-4211 2.4 - Low - October 16, 2024

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools

CVE-2024-4692 2.4 - Low - October 16, 2024

Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below.

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools

CVE-2024-4184 8 - High - October 16, 2024

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.

XXE

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools

CVE-2024-4189 8 - High - October 16, 2024

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.

XXE

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools

CVE-2024-4690 8 - High - October 16, 2024

Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below.

XXE

Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.3.0000.

CVE-2021-22503 6.1 - Medium - September 12, 2024

Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.3.0000.

XSS

Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText eDirectory before 9.2.4.0000.

CVE-2021-22532 7.5 - High - September 12, 2024

Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText eDirectory before 9.2.4.0000.

Allocation of Resources Without Limits or Throttling

Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.4.0000.

CVE-2021-22533 9.1 - Critical - September 12, 2024

Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.4.0000.

Insertion of Sensitive Information into Log File

Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.5.0000.

CVE-2021-38131 6.1 - Medium - September 12, 2024

Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.5.0000.

XSS

Possible External Service Interaction attack in eDirectory has been discovered in OpenText eDirectory

CVE-2021-38132 9.8 - Critical - September 12, 2024

Possible External Service Interaction attack in eDirectory has been discovered in OpenText eDirectory. This impact all version before 9.2.6.0000.

SSRF

Possible External Service Interaction attack in eDirectory has been discovered in OpenText eDirectory

CVE-2021-38133 6.5 - Medium - September 12, 2024

Possible External Service Interaction attack in eDirectory has been discovered in OpenText eDirectory. This impact all version before 9.2.6.0000.

Weak Password Requirements

A vulnerability identified in storing and reusing information in Advance Authentication

CVE-2021-22509 6.5 - Medium - August 28, 2024

A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1

Cleartext Storage of Sensitive Information

A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information

CVE-2021-22529 5.5 - Medium - August 28, 2024

A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1

Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices

CVE-2021-38121 8.8 - High - August 28, 2024

Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.  This issue affects NetIQ Advance Authentication versions before 6.3.5.1

Inadequate Encryption Strength

A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication

CVE-2021-38122 8.2 - High - August 28, 2024

A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1

XSS

A vulnerability identified in NetIQ Advance Authentication

CVE-2021-22530 9.9 - Critical - August 28, 2024

A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1

Improper Restriction of Excessive Authentication Attempts

A vulnerability identified in Advance Authentication

CVE-2021-38120 7.2 - High - August 28, 2024

A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.

Command Injection

Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack

CVE-2024-4554 5.4 - Medium - August 28, 2024

Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects NetIQ Access Manager before 5.0.4.1 and 5.1.

XSS

Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario

CVE-2024-4555 7.5 - High - August 28, 2024

Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1

Improper Privilege Management

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager

CVE-2024-4556 7.5 - High - August 28, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.

Directory traversal

A vulnerability found in OpenText Privileged Access Manager that issues a token

CVE-2020-11846 7.5 - High - August 21, 2024

A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.

SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash

CVE-2020-11847 7.8 - High - August 21, 2024

SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.

Shell injection

Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS)

CVE-2020-11850 6.1 - Medium - August 21, 2024

Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6

XSS

XML External Entity injection vulnerability found in OpenText iManager 3.2.6.0200

CVE-2024-3969 9.8 - Critical - May 28, 2024

XML External Entity injection vulnerability found in OpenText iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload

XXE

Cross-Site Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200

CVE-2024-4429 7.4 - High - May 28, 2024

Cross-Site Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200. This could lead to sensitive information disclosure.

Session Riding

Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200

CVE-2024-3968 9.8 - Critical - May 15, 2024

Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.

Server Side Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200

CVE-2024-3970 7.5 - High - May 15, 2024

Server Side Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200. This could lead to senstive information disclosure by directory traversal.

SSRF

Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200

CVE-2024-3483 9.8 - Critical - May 15, 2024

Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.

Command Injection

Path Traversal found in OpenText iManager 3.2.6.0200

CVE-2024-3484 9.8 - Critical - May 15, 2024

Path Traversal found in OpenText iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure.

Directory traversal

Server Side Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200

CVE-2024-3485 7.5 - High - May 15, 2024

Server Side Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200. This could lead to senstive information disclosure.

SSRF

XML External Entity injection vulnerability found in OpenText iManager 3.2.6.0200

CVE-2024-3486 9.8 - Critical - May 15, 2024

XML External Entity injection vulnerability found in OpenText iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.

XXE

Broken Authentication vulnerability discovered in OpenText iManager 3.2.6.0200

CVE-2024-3487 9.8 - Critical - May 15, 2024

Broken Authentication vulnerability discovered in OpenText iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.

authentification

File Upload vulnerability in unauthenticated session found in OpenText iManager 3.2.6.0200

CVE-2024-3488 9.8 - Critical - May 15, 2024

File Upload vulnerability in unauthenticated session found in OpenText iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.

Unrestricted File Upload

Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200

CVE-2024-3967 9.8 - Critical - May 15, 2024

Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger remote code execution unisng unsafe java object deserialization.

Marshaling, Unmarshaling

Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms

CVE-2024-0622 7.8 - High - February 15, 2024

Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. 

A potential vulnerability has been identified in Micro Focus ArcSight Management Center

CVE-2020-25835 5.4 - Medium - December 09, 2023

A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS).

XSS

Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user

CVE-2023-32268 7.2 - High - December 06, 2023

Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.

Insufficiently Protected Credentials

Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST

CVE-2023-5913 9.8 - Critical - November 08, 2023

Incorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges.This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.

Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05

CVE-2023-4964 6.1 - Medium - October 30, 2023

Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites.

Open Redirect

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.