Micro Focus Solutions Business Manager

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.

CVE-2019-18947 3.5 - Low - February 26, 2021

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.

Generation of Error Message Containing Sensitive Information

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.

CVE-2019-18946 4.8 - Medium - February 26, 2021

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.

Session Fixation

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.

CVE-2019-18945 8 - High - February 26, 2021

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.

CVE-2019-18944 4.8 - Medium - February 26, 2021

Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.

XSS

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.

CVE-2019-18943 8 - High - February 26, 2021

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.

XXE

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS

CVE-2019-18942 4.8 - Medium - February 26, 2021

Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.

XSS

Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.

CVE-2019-3477 6.1 - Medium - June 07, 2019

Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.

Open Redirect

Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

CVE-2018-19643 7.5 - High - March 27, 2019

Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

Information Disclosure

Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

CVE-2018-19644 6.1 - Medium - March 27, 2019

Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

XSS

Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

CVE-2018-19642 7.5 - High - March 27, 2019

Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

Improper Input Validation

Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

CVE-2018-19641 9.8 - Critical - March 27, 2019

Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

Code Injection

An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

CVE-2018-19645 9.8 - Critical - February 12, 2019

An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.

authentification

Micro Focus Solutions Business Manager versions prior to 11.4

CVE-2018-7682 6.5 - Medium - June 22, 2018

Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.

Insertion of Sensitive Information into Log File

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images

CVE-2018-7679 9.8 - Critical - June 21, 2018

Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.

Improper Input Validation

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.

CVE-2018-7683 7.5 - High - June 21, 2018

Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.

Insertion of Sensitive Information into Log File

Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder

CVE-2018-7681 4.8 - Medium - June 21, 2018

Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.

XSS

Micro Focus Solutions Business Manager versions prior to 11.4

CVE-2018-7680 6.1 - Medium - June 21, 2018

Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.

XSS