Micro Focus 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk csrf and バッファオーバーフロー などに関し、一部は vendor impact memory corruption を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-2123 | A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability | [email protected] | 8.6 | 0.01% | 2026-03-31 | 2026-04-03 |
| CVE-2023-24467 | Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000. | [email protected] | 8.8 | 0.74% | 2024-11-22 | 2025-04-10 |
| CVE-2023-24466 | Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200. | [email protected] | 7.5 | 0.05% | 2024-11-22 | 2025-04-10 |
| CVE-2022-26324 | Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000. | [email protected] | 7.6 | 0.08% | 2024-11-22 | 2025-04-10 |
| CVE-2021-38135 | Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000. | [email protected] | 8.6 | 0.12% | 2024-11-22 | 2025-03-04 |
| CVE-2021-38134 | Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.0000. | [email protected] | 6.1 | 0.15% | 2024-11-22 | 2025-04-10 |
| CVE-2021-38119 | Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | [email protected] | 6.1 | 0.16% | 2024-11-22 | 2025-04-10 |
| CVE-2021-38118 | Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | [email protected] | 5.5 | 0.07% | 2024-11-22 | 2025-03-04 |
| CVE-2021-38117 | Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | [email protected] | 8.8 | 0.82% | 2024-11-22 | 2025-04-10 |
| CVE-2021-38116 | Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5 | [email protected] | 8.8 | 0.18% | 2024-11-22 | 2025-04-10 |
| CVE-2024-9841 | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. | [email protected] | 7.0 | 0.90% | 2024-11-08 | 2024-11-13 |
| CVE-2020-11859 | Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3 | [email protected] | 7.6 | 0.20% | 2024-11-06 | 2024-11-08 |
| CVE-2024-5532 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26. | [email protected] | 1.8 | 0.18% | 2024-10-28 | 2025-10-14 |
| CVE-2024-4692 | Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1 | [email protected] | 1.8 | 0.16% | 2024-10-16 | 2024-10-21 |
| CVE-2024-4690 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | [email protected] | 5.1 | 0.06% | 2024-10-16 | 2024-10-21 |
| CVE-2024-4211 | Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Appli | [email protected] | 1.8 | 0.16% | 2024-10-16 | 2024-10-21 |
| CVE-2024-4189 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | [email protected] | 5.9 | 0.07% | 2024-10-16 | 2024-10-21 |
| CVE-2024-4184 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | [email protected] | 5.9 | 0.07% | 2024-10-16 | 2024-10-21 |
| CVE-2024-6360 | Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X. | [email protected] | 6.9 | 0.07% | 2024-10-02 | 2025-11-19 |
| CVE-2021-38133 | Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | [email protected] | 7.4 | 0.30% | 2024-09-12 | 2024-09-18 |