* * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:microfocus:solutions_business_manager:*:*:*:*:*:*:*:*

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2019-18947	209		2021-02-26	2021-11-03	2.7	None	Local Network	Low	???	Partial	None	None
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.
2	CVE-2019-18946	384		2021-02-26	2021-03-01	3.8	None	Local Network	Medium	???	Partial	Partial	None
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
3	CVE-2019-18945			2021-02-26	2021-10-19	5.2	None	Local Network	Low	???	Partial	Partial	Partial
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.
4	CVE-2019-18944	79	XSS	2021-02-26	2021-03-01	2.3	None	Local Network	Medium	???	None	Partial	None
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
5	CVE-2019-18943	611		2021-02-26	2021-03-01	5.2	None	Local Network	Low	???	Partial	Partial	Partial
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
6	CVE-2019-18942	79	XSS	2021-02-26	2021-03-01	2.3	None	Local Network	Medium	???	None	Partial	None
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
7	CVE-2019-3477	601		2019-06-07	2019-06-10	5.8	None	Remote	Medium	Not required	Partial	Partial	None
Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect.
8	CVE-2018-19645	287	Bypass	2019-02-12	2019-02-13	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
An Authentication Bypass issue exists in Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
9	CVE-2018-19644	79	XSS	2019-03-27	2019-10-09	4.3	None	Remote	Medium	Not required	None	Partial	None
Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
10	CVE-2018-19643	200	+Info	2019-03-27	2019-10-09	5.0	None	Remote	Low	Not required	Partial	None	None
Information leakage issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
11	CVE-2018-19642	20	DoS	2019-03-27	2019-10-09	5.0	None	Remote	Low	Not required	None	None	Partial
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
12	CVE-2018-19641	94	Exec Code	2019-03-27	2019-10-09	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Unauthenticated remote code execution issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5.
13	CVE-2018-7683	532		2018-06-21	2021-04-09	5.0	None	Remote	Low	Not required	Partial	None	None
Micro Focus Solutions Business Manager versions prior to 11.4 might reveal certain sensitive information in server log files.
14	CVE-2018-7682	532		2018-06-22	2021-04-09	4.0	None	Remote	Low	???	Partial	None	None
Micro Focus Solutions Business Manager versions prior to 11.4 allows a user to invoke SBM RESTful services across domains.
15	CVE-2018-7681	79	XSS	2018-06-21	2021-04-09	3.5	None	Remote	Medium	???	None	Partial	None
Micro Focus Solutions Business Manager versions prior to 11.4 allows JavaScript to be embedded in URLs placed in "Favorites" folder. If the user has certain administrative privileges then this vulnerability can impact other users in the system.
16	CVE-2018-7680	79	XSS	2018-06-21	2021-04-09	4.3	None	Remote	Medium	Not required	None	Partial	None
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
17	CVE-2018-7679	20	Exec Code	2018-06-21	2021-04-09	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Micro Focus Solutions Business Manager versions prior to 11.4 when ASP.NET is configured with execute permission on the virtual directories and does not validate the contents of user avatar images, could lead to remote code execution.

Total number of vulnerabilities : 17 Page : 1 (This Page)