Micro Focus Solutions Business Manager vulnerabilities
17 known vulnerabilities affecting microfocus/solutions_business_manager.
Total CVEs: 17
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL 3, HIGH 5, MEDIUM 8, LOW 1
Vulnerabilities
CVE-2018-19641 | P2 | CRITICAL | CVSS 9.8 | CWE-94 | fixed in 11.5 | 2019-03-27
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
nvd
CVE-2018-7679 | P2 | CRITICAL | CVSS 9.8 | CWE-20 | fixed in 11.4 | 2018-06-21
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.
nvd
CVE-2018-19645 | P3 | CRITICAL | CVSS 9.8 | CWE-287 | fixed in 11.5 | 2019-02-12
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
nvd
CVE-2019-18943 | P3 | HIGH | CVSS 8.0 | CWE-611 | fixed in 11.7.1 | 2021-02-26
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
nvd
CVE-2019-18945 | P3 | HIGH | CVSS 8.0 | CWE-264 | fixed in 11.7.1 | 2021-02-26
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation.
nvd
CVE-2018-7683 | P3 | HIGH | CVSS 7.5 | CWE-532 | fixed in 11.4 | 2018-06-21
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.
nvd
CVE-2018-19643 | P3 | HIGH | CVSS 7.5 | CWE-200 | fixed in 11.5 | 2019-03-27
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
nvd
CVE-2018-19642 | P3 | HIGH | CVSS 7.5 | CWE-20 | fixed in 11.5 | 2019-03-27
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
nvd
CVE-2018-7682 | P4 | MEDIUM | CVSS 6.5 | CWE-532 | fixed in 11.4 | 2018-06-22
Micro Focus Solutions Business Manager versions prior to 11.4 allow a user to invoke SBM RESTful services across domains.
nvd
CVE-2018-7680 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 11.4 | 2018-06-21
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
nvd
CVE-2019-3477 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | fixed in 11.4.2 | 2019-06-07
Micro Focus Solution Business Manager versions prior to 11.4.2 are susceptible to open redirect.
nvd
CVE-2018-19644 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 11.5 | 2019-03-27
Reflected cross-site scripting issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
nvd
CVE-2018-7681 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 11.4 | 2018-06-21
Micro Focus Solutions Business Manager versions prior to 11.4 allow JavaScript to be embedded in URLs placed in the "Favorites" folder. If the user has certain administrative privileges, then this vulnerability can impact other users in the system.
nvd
CVE-2019-18944 | P4 | MEDIUM | CVSS 4.8 | CWE-80 | fixed in 11.7.1 | 2021-02-26
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
nvd
CVE-2019-18942 | P4 | MEDIUM | CVSS 4.8 | CWE-79 | fixed in 11.7.1 | 2021-02-26
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
nvd
CVE-2019-18946 | P4 | MEDIUM | CVSS 4.8 | CWE-384 | fixed in 11.7.1 | 2021-02-26
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
nvd
CVE-2019-18947 | P4 | LOW | CVSS 3.5 | CWE-200 | fixed in 11.7.1 | 2021-02-26
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.
nvd