汇总 Micro Focus 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 CSRF与缓冲区溢出 等问题,部分漏洞可能导致 内存损坏,并影响 生产负载与软件部署 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2026-2123 | A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability | [email protected] | 8.6 | 0.01% | 2026-03-31 | 2026-04-03 |
| CVE-2023-24467 | Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000. | [email protected] | 8.8 | 0.74% | 2024-11-22 | 2025-04-10 |
| CVE-2023-24466 | Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200. | [email protected] | 7.5 | 0.05% | 2024-11-22 | 2025-04-10 |
| CVE-2022-26324 | Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000. | [email protected] | 7.6 | 0.08% | 2024-11-22 | 2025-04-10 |
| CVE-2021-38135 | Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000. | [email protected] | 8.6 | 0.12% | 2024-11-22 | 2025-03-04 |
| CVE-2021-38134 | Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.0000. | [email protected] | 6.1 | 0.15% | 2024-11-22 | 2025-04-10 |
| CVE-2021-38119 | Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | [email protected] | 6.1 | 0.16% | 2024-11-22 | 2025-04-10 |
| CVE-2021-38118 | Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | [email protected] | 5.5 | 0.07% | 2024-11-22 | 2025-03-04 |
| CVE-2021-38117 | Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | [email protected] | 8.8 | 0.82% | 2024-11-22 | 2025-04-10 |
| CVE-2021-38116 | Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5 | [email protected] | 8.8 | 0.18% | 2024-11-22 | 2025-04-10 |
| CVE-2024-9841 | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. | [email protected] | 7.0 | 0.90% | 2024-11-08 | 2024-11-13 |
| CVE-2020-11859 | Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3 | [email protected] | 7.6 | 0.20% | 2024-11-06 | 2024-11-08 |
| CVE-2024-5532 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26. | [email protected] | 1.8 | 0.18% | 2024-10-28 | 2025-10-14 |
| CVE-2024-4692 | Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1 | [email protected] | 1.8 | 0.16% | 2024-10-16 | 2024-10-21 |
| CVE-2024-4690 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | [email protected] | 5.1 | 0.06% | 2024-10-16 | 2024-10-21 |
| CVE-2024-4211 | Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Appli | [email protected] | 1.8 | 0.16% | 2024-10-16 | 2024-10-21 |
| CVE-2024-4189 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | [email protected] | 5.9 | 0.07% | 2024-10-16 | 2024-10-21 |
| CVE-2024-4184 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | [email protected] | 5.9 | 0.07% | 2024-10-16 | 2024-10-21 |
| CVE-2024-6360 | Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X. | [email protected] | 6.9 | 0.07% | 2024-10-02 | 2025-11-19 |
| CVE-2021-38133 | Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | [email protected] | 7.4 | 0.30% | 2024-09-12 | 2024-09-18 |