Micro Focus Service Manager
By the Year
In 2024 there have been 0 vulnerabilities in Micro Focus Service Manager . Service Manager did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 4 | 5.53 |
2019 | 10 | 7.32 |
2018 | 2 | 5.95 |
It may take a day or so for new Service Manager vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Micro Focus Service Manager Security Vulnerabilities
Cross Site Scripting vulnerability in Micro Focus Service Manager product
CVE-2020-11845
6.1 - Medium
- May 19, 2020
Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML.
XSS
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier)
CVE-2020-9518
5.3 - Medium
- March 16, 2020
Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.
Information Disclosure
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server)
CVE-2020-9519
5.3 - Medium
- March 16, 2020
HTTP methods reveled in Web services vulnerability in Micro Focus Service manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data.
Information Disclosure
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60
CVE-2020-9517
5.4 - Medium
- March 09, 2020
There is an improper restriction of rendered UI layers or frames vulnerability in Micro Focus Service Manager Release Control versions 9.50 and 9.60. The vulnerability may result in the ability of malicious users to perform UI redress attacks.
Open Redirect
Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30
CVE-2019-11661
8.3 - High
- September 18, 2019
Allow changes to some table by non-SysAdmin in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized access and modification of data.
Class and method names in error message in Micro Focus Service Manager product versions 9.30
CVE-2019-11662
4.3 - Medium
- September 18, 2019
Class and method names in error message in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. This vulnerability could be exploited in some special cases to allow information exposure through an error message.
Generation of Error Message Containing Sensitive Information
Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30
CVE-2019-11663
6.5 - Medium
- September 18, 2019
Clear text credentials are used to access managers app in Tomcat in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
Insufficiently Protected Credentials
Clear text password in browser in Micro Focus Service Manager product versions 9.30
CVE-2019-11664
6.5 - Medium
- September 18, 2019
Clear text password in browser in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
Insufficiently Protected Credentials
Data exposure in Micro Focus Service Manager product versions 9.30
CVE-2019-11665
7.5 - High
- September 17, 2019
Data exposure in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow sensitive data exposure.
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30
CVE-2019-11666
8.8 - High
- September 17, 2019
Insecure deserialization of untrusted data in Micro Focus Service Manager product versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow insecure deserialization of untrusted data.
Marshaling, Unmarshaling
Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62
CVE-2019-11667
7.5 - High
- September 17, 2019
Unauthorized access to contact information in Micro Focus Service Manager, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to private data.
HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62
CVE-2019-11668
7.5 - High
- September 10, 2019
HTTP cookie in Micro Focus Service manager, Versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Server, versions 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. And Micro Focus Service Manager Chat Service 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62.
Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62
CVE-2019-11669
7.5 - High
- September 10, 2019
Modifiable read only check box In Micro Focus Service Manager, versions 9.60p1, 9.61, 9.62. This vulnerability could be exploited to allow unauthorized modification of data.
Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager
CVE-2019-11646
8.8 - High
- June 03, 2019
Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information.
A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30
CVE-2018-18591
6.5 - Medium
- November 13, 2018
A potential unauthorized disclosure of data vulnerability has been identified in Micro Focus Service Manager versions: 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51. The vulnerability could be exploited to release unauthorized disclosure of data.
Information Disclosure
Remote SQL Injection against the HP Service Manager Software Web Tier
CVE-2018-6494
5.4 - Medium
- May 22, 2018
Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data.
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Micro Focus Service Manager or by Micro Focus? Click the Watch button to subscribe.