Service Manager Micro Focus Service Manager

Do you want an email whenever new security vulnerabilities are reported in Micro Focus Service Manager?

By the Year

In 2021 there have been 0 vulnerabilities in Micro Focus Service Manager . Last year Service Manager had 4 security vulnerabilities published. Right now, Service Manager is on track to have less security vulnerabilities in 2021 than it did last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 4 5.53
2019 10 7.32
2018 2 5.95

It may take a day or so for new Service Manager vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Micro Focus Service Manager Security Vulnerabilities

Cross Site Scripting vulnerability in Micro Focus Service Manager product

CVE-2020-11845 6.1 - Medium - May 19, 2020

Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML.

XSS

Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier)

CVE-2020-9518 5.3 - Medium - March 16, 2020

Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.

Information Disclosure

HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server)

CVE-2020-9519 5.3 - Medium - March 16, 2020

HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.

Information Disclosure

There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60

CVE-2020-9517 5.4 - Medium - March 09, 2020

There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.

Open Redirect

Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30

CVE-2019-11661 8.3 - High - September 18, 2019

Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.

Class and method names in error message in Micro Focus Service Manager product versions 9.30

CVE-2019-11662 4.3 - Medium - September 18, 2019

Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message.

Generation of Error Message Containing Sensitive Information

Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30

CVE-2019-11663 6.5 - Medium - September 18, 2019

Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.

Insufficiently Protected Credentials

Clear text password in browser in Micro Focus Service Manager product versions 9.30

CVE-2019-11664 6.5 - Medium - September 18, 2019

Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.

Insufficiently Protected Credentials

Data exposure in Micro Focus Service Manager product versions 9.30

CVE-2019-11665 7.5 - High - September 17, 2019

Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.

Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30

CVE-2019-11666 8.8 - High - September 17, 2019

Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.

Marshaling, Unmarshaling

Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62

CVE-2019-11667 7.5 - High - September 17, 2019

Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data.

HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62

CVE-2019-11668 7.5 - High - September 10, 2019

HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62.

Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62

CVE-2019-11669 7.5 - High - September 10, 2019

Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.

Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager

CVE-2019-11646 8.8 - High - June 03, 2019

Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information.

A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30

CVE-2018-18591 6.5 - Medium - November 13, 2018

A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data.

Information Disclosure

Remote SQL Injection against the HP Service Manager Software Web Tier

CVE-2018-6494 5.4 - Medium - May 22, 2018

Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.

SQL Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Micro Focus Service Manager or by Micro Focus? Click the Watch button to subscribe.

subscribe