Micro Focus: Digital Transformation and Enterprise Software Modernization


Products by Micro Focus Sorted by Most Security Vulnerabilities since 2018

Micro Focus Imanager: 22 vulnerabilities

Micro Focus Edirectory: 16 vulnerabilities

Micro Focus Arcsight Logger: 9 vulnerabilities

Micro Focus Filr: 4 vulnerabilities

Micro Focus Operations Agent: 4 vulnerabilities

Micro Focus Dimensions Cm: 3 vulnerabilities

Micro Focus Cobol Server: 2 vulnerabilities

Micro Focus Visual Cobol: 2 vulnerabilities

Micro Focus Zenworks: 1 vulnerability

By the Year

In 2025 there have been 0 vulnerabilities in Micro Focus. Last year, in 2024, Micro Focus had 46 security vulnerabilities published. Right now, Micro Focus is on track to have fewer security vulnerabilities in 2025 than it did last year.

Year Vulnerabilities Average Score
2025 0 0.00
2024 46 7.77
2023 13 7.48
2022 15 6.15
2021 37 7.04
2020 28 6.99
2019 34 7.29
2018 37 7.68

It may take a day or so for new Micro Focus vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Micro Focus Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2021-38116 Nov 22, 2024
OpenText iManager EP Vulnerability (before 3.2.5) Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText iManager. This impacts all versions before 3.2.5
Imanager
CVE-2023-24467 Nov 22, 2024
Command Injection in OpenText iManager 3.2.6.0000 via GET param Possible Command Injection in iManager GET parameter has been discovered in OpenText iManager 3.2.6.0000.
Imanager
CVE-2023-24466 Nov 22, 2024
OpenText iManager 3.2.6 XML External Entity Injection in GET param Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText iManager 3.2.6.0200.
Imanager
CVE-2022-26324 Nov 22, 2024
XSS via Access URL in OpenText iManager 3.2.6.0000 Possible XSS in iManager URL for access Component has been discovered in OpenText iManager 3.2.6.0000.
Imanager
CVE-2021-38135 Nov 22, 2024
OpenText iManager 3.2.6 EEI Vulnerability Possible External Service Interaction attack in iManager has been discovered in OpenText iManager 3.2.6.0000.
Imanager
CVE-2021-38134 Nov 22, 2024
OpenText iManager 3.2.5.0000 XSS via Access Component URL Possible XSS in iManager URL for access Component has been discovered in OpenText iManager 3.2.5.0000.
Imanager
CVE-2021-38119 Nov 22, 2024
OpenText iManager 3.2.4.0 Reflected XSS Vulnerability Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.
Imanager
CVE-2021-38118 Nov 22, 2024
OpenText iManager 3.2.4.0000 Improper Input Validation in iManager Possible improper input validation Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.
Imanager
CVE-2021-38117 Nov 22, 2024
OpenText iManager 3.2.4.0000 Cmd Injection Vulnerability Possible Command injection Vulnerability in iManager has been discovered in OpenText iManager 3.2.4.0000.
Imanager
CVE-2024-9841 Nov 08, 2024
OpenText ArcSight XSS Vulnerability - November 2024 A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited.
Arcsight Management Center
Arcsight Platform
CVE-2020-11859 Nov 06, 2024
OpenText iManager XSS via Input Validation Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3
Imanager
CVE-2024-4211 Oct 16, 2024
OpenText AT 24.1.0 and below Access Control Validation Flaw Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Application Automation Tools: 24.1.0 and below.
Application Automation Tools
CVE-2024-4692 Oct 16, 2024
OpenText AAT <=24.1.0 Improper Validation & Permission Checks (CVE20244692) Improper Validation of Specified Quantity in Input vulnerability in OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1.0 and below.
Application Automation Tools
CVE-2024-4184 Oct 16, 2024
OpenText App Automation Tools 24.1.0: XML External Entity (XEE) DTD Injection Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below.
Application Automation Tools
CVE-2024-4189 Oct 16, 2024
OpenText App Automation Tools XXE & DTD Injection ( 24.1.0) Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below.
Application Automation Tools
CVE-2024-4690 Oct 16, 2024
OpenText App Auto Tools <24.1.0 XEE (DTD Injection) Vulnerability Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection. This issue affects OpenText Application Automation Tools: 24.1.0 and below.
Application Automation Tools
CVE-2021-22503 Sep 12, 2024
OpenText eDirectory 9.2.3 Improper Neutralization Input in Web Page Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.3.0000.
Edirectory
CVE-2021-22532 Sep 12, 2024
OpenText eDirectory <9.2.4 NLDAP DoS Vulnerability Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText eDirectory before 9.2.4.0000.
Edirectory
CVE-2021-22533 Sep 12, 2024
OpenText eDirectory 9.2.4 Sensitive Log Insertion CVE-2021-22533 Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.4.0000.
Edirectory
CVE-2021-38131 Sep 12, 2024
OpenText eDirectory 9.2.5.0000 XSS (CVE-2021-38131) Before 9.2.5.0000 Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText eDirectory 9.2.5.0000.
Edirectory
CVE-2021-38132 Sep 12, 2024
OpenText eDirectory <9.2.6.0000: External Service Interaction Vulnerability Possible External Service Interaction attack in eDirectory has been discovered in OpenText eDirectory. This impacts all versions before 9.2.6.0000.
Edirectory
CVE-2021-38133 Sep 12, 2024
OpenText eDirectory External Service Interaction Vulnerability before 9.2.6 Possible External Service Interaction attack in eDirectory has been discovered in OpenText eDirectory. This impacts all versions before 9.2.6.0000.
Edirectory
CVE-2021-22509 Aug 28, 2024
NetIQ Advance Authentication <=6.3.5.0 Sensitive Data Leakage via Stored Auth Info A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to an unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1
Netiq Advanced Authentication
CVE-2021-22529 Aug 28, 2024
NetIQ AA Info Leak before v6.3.5.1 A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1
Netiq Advanced Authentication
CVE-2021-38121 Aug 28, 2024
NetIQ Advance Authentication <6.3.5.1 Weak TLS Protocol Insufficient or weak TLS protocol version identified in Advance Authentication client-server communication when a specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1
Netiq Advanced Authentication
CVE-2021-38122 Aug 28, 2024
CVE-2021-38122: XSS in NetIQ Advance Auth Before 6.3.5.1 A Cross-Site Scripting vulnerability identified in NetIQ Advance Authentication that impacts the server functionality and discloses sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1
Netiq Advanced Authentication
CVE-2021-22530 Aug 28, 2024
NetIQ Advance Authentication <6.3.5.1 API Login Lockout Bypass A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1
Netiq Advanced Authentication
CVE-2021-38120 Aug 28, 2024
NetIQ Advance Auth Bash Cmd Injection pre-6.3.5.1 A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.
Netiq Advance Authentication
Netiq Advanced Authentication
CVE-2024-4554 Aug 28, 2024
OpenText NetIQ Access Manager 5.1 XSS via Improper Input Validation Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects Access Manager before 5.0.4.1 and 5.1.
Netiq Access Manager
CVE-2024-4555 Aug 28, 2024
NetIQ Access Manager Impostor Privilege Escalation (Before 5.1) Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1
Netiq Access Manager
CVE-2024-4556 Aug 28, 2024
NetIQ Access Manager Path Traversal (CVE-2024-4556) - 5.0.4 & 5.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access to sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.
Netiq Access Manager
CVE-2020-11846 Aug 21, 2024
OpenText PAM cookie abuse prior to 3.7.0.1 A vulnerability found in OpenText Privileged Access Manager that issues a token. On successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.
Netiq Privileged Access Manager
CVE-2020-11847 Aug 21, 2024
Privileged Access Manager <3.7.0.1: OS Command Injection via SSH PAM SSH authenticated user, when accessing the PAM server, can execute an OS command to gain full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1.
Netiq Privileged Access Manager
CVE-2020-11850 Aug 21, 2024
OpenText Self Service Password Reset XSS (<=4.5.0.2, 4.4.0.6) Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6
Netiq Self Service Password Reset
CVE-2024-3969 May 28, 2024
OpenText iManager 3.2.6.0200 XEE RCE Vulnerability XML External Entity injection vulnerability found in OpenText iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload
Imanager
CVE-2024-4429 May 28, 2024
CVE-2024-4429 XSRF in OpenText iManager 3.2.6.0200 leads to info disclosure Cross-Site Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200. This could lead to sensitive information disclosure.
Imanager
CVE-2024-3968 May 15, 2024
OpenText iManager 3.2.6.0200 RCE via Custom File Upload Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger remote code execution using custom file upload task.
Imanager
CVE-2024-3970 May 15, 2024
SSRF in OpenText iManager 3.2.6.0200 Directory Traversal Server Side Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200. This could lead to sensitive information disclosure by directory traversal.
Imanager
CVE-2024-3483 May 15, 2024
OpenText iManager 3.2.6.0200 RCE: Cmd I & Insecure Deserialization Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger command injection and insecure deserialization issues.
Imanager
CVE-2024-3484 May 15, 2024
OpenText iManager 3.2.6.0200 Path Traversal PrivEsc Path Traversal found in OpenText iManager 3.2.6.0200. This can lead to privilege escalation or file disclosure.
Imanager
CVE-2024-3485 May 15, 2024
OpenText iManager 3.2.6.0200 SSRF Sensitive Info Disclosure Server Side Request Forgery vulnerability has been discovered in OpenText iManager 3.2.6.0200. This could lead to sensitive information disclosure.
Imanager
CVE-2024-3486 May 15, 2024
XEE in OpenText iManager 3.2.6.0200 Enables Info Disclosure & RCE XML External Entity injection vulnerability found in OpenText iManager 3.2.6.0200. This could lead to information disclosure and remote code execution.
Imanager
CVE-2024-3487 May 15, 2024
OpenText iManager 3.2.6.0200 Broken Auth via Param Manipulation Broken Authentication vulnerability discovered in OpenText iManager 3.2.6.0200. This vulnerability allows an attacker to manipulate certain parameters to bypass authentication.
Imanager
CVE-2024-3488 May 15, 2024
OpenText iManager 3.2.6.0200 File Upload via Unauth Session File Upload vulnerability in unauthenticated session found in OpenText iManager 3.2.6.0200. The vulnerability could allow an attacker to upload a file without authentication.
Imanager
CVE-2024-3967 May 15, 2024
OpenText iManager 3.2.6 RCE via unsafe Java Deserialization Remote Code Execution has been discovered in OpenText iManager 3.2.6.0200. The vulnerability can trigger remote code execution using unsafe Java object deserialization.
Imanager
CVE-2024-0622 Feb 15, 2024
OpenText Ops Agent 12.15-12.25 Local Priv Esc on Non-Win Platforms Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. 
Operations Agent
CVE-2020-25835 Dec 09, 2023
ArcSight MC Remote Stored XSS Vulnerability CVE-2020-25835 A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS).
Arcsight Management Center
CVE-2023-32268 Dec 06, 2023
Filr Proxy Admin Credential Exposure (CVE-2023-32268) Exposure of Proxy Administrator Credentials An authenticated administrator equivalent Filr user can access the credentials of proxy administrators.
Filr
CVE-2023-5913 Nov 08, 2023
Fortify ScanCentral DAST Incorrect Privilege Assignment (CVE-2023-5913) 21.1-23.1 Incorrect Privilege Assignment vulnerability in OpenText Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.
Fortify Scancentral Dast
CVE-2023-4964 Oct 30, 2023
OpenText SMAX/AMX OpenRedirect 2020.05-2022.11 Potential open redirect vulnerability in OpenText Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and OpenText Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites.
Asset Management X
Service Management Automation X
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).