Aggregates CVE and security vulnerability intelligence across all Micro Focus-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk csrf and vendor risk buffer overflow and related problems; some flaws may lead to vendor impact memory corruption, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-6360 | Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X. | [email protected] | 6.9 | 0.31% | 2024-10-02 | 2026-06-17 |
| CVE-2021-38133 | Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | [email protected] | 7.4 | 0.30% | 2024-09-12 | 2026-06-17 |
| CVE-2021-38132 | Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | [email protected] | 5.3 | 0.39% | 2024-09-12 | 2026-06-17 |
| CVE-2021-38131 | Possible Cross-Site Scripting (XSS) Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.5.0000. | [email protected] | 5.4 | 0.20% | 2024-09-12 | 2026-06-17 |
| CVE-2021-22533 | Possible Insertion of Sensitive Information into Log File Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.4.0000. | [email protected] | 6.5 | 0.43% | 2024-09-12 | 2026-06-16 |
| CVE-2021-22532 | Possible NLDAP Denial of Service attack Vulnerability in eDirectory has been discovered in OpenText™ eDirectory before 9.2.4.0000. | [email protected] | 7.6 | 0.40% | 2024-09-12 | 2026-06-16 |
| CVE-2021-22503 | Possible Improper Neutralization of Input During Web Page Generation Vulnerability in eDirectory has been discovered in OpenText™ eDirectory 9.2.3.0000. | [email protected] | 5.4 | 0.22% | 2024-09-12 | 2026-06-16 |
| CVE-2024-4556 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1. | [email protected] | 5.7 | 0.40% | 2024-08-28 | 2026-06-17 |
| CVE-2024-4555 | Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 | [email protected] | 7.7 | 0.26% | 2024-08-28 | 2026-06-17 |
| CVE-2024-4554 | Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects Access Manager before 5.0.4.1 and 5.1. | [email protected] | 7.3 | 0.28% | 2024-08-28 | 2026-06-17 |
| CVE-2021-38122 | A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1 | [email protected] | 6.2 | 0.27% | 2024-08-28 | 2026-06-17 |
| CVE-2021-38121 | Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authentication versions before 6.3.5.1 | [email protected] | 8.3 | 0.18% | 2024-08-28 | 2026-06-17 |
| CVE-2021-38120 | A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1. | [email protected] | 5.1 | 0.52% | 2024-08-28 | 2026-06-17 |
| CVE-2021-22530 | A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1 | [email protected] | 8.2 | 0.21% | 2024-08-28 | 2026-06-16 |
| CVE-2021-22529 | A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1 | [email protected] | 6.3 | 0.16% | 2024-08-28 | 2026-06-16 |
| CVE-2021-22509 | A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1 | [email protected] | 8.1 | 0.20% | 2024-08-28 | 2026-06-16 |
| CVE-2020-11847 | SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash. This issue affects Privileged Access Manager before 3.7.0.1. | [email protected] | 8.2 | 0.31% | 2024-08-21 | 2026-06-16 |
| CVE-2020-11846 | A vulnerability found in OpenText Privileged Access Manager that issues a token. on successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1. | [email protected] | 8.7 | 0.31% | 2024-08-21 | 2026-06-16 |
| CVE-2020-11850 | Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Cross-Site Scripting (XSS). This issue affects Self Service Password Reset before 4.5.0.2 and 4.4.0.6 | [email protected] | 7.3 | 0.31% | 2024-08-21 | 2026-06-16 |
| CVE-2024-4429 | Cross-Site Request Forgery vulnerability has been discovered in OpenText™ iManager 3.2.6.0200. This could lead to sensitive information disclosure. | [email protected] | 5.4 | 0.18% | 2024-05-28 | 2026-06-17 |