彙總 Micro Focus 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 CSRF與緩衝區溢位 等問題,部分漏洞可能導致 記憶體損壞,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-2123 | A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability | [email protected] | 8.6 | 0.01% | 2026-03-31 | 2026-04-03 |
| CVE-2023-24467 | Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000. | [email protected] | 8.8 | 0.74% | 2024-11-22 | 2025-04-10 |
| CVE-2023-24466 | Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200. | [email protected] | 7.5 | 0.05% | 2024-11-22 | 2025-04-10 |
| CVE-2022-26324 | Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000. | [email protected] | 7.6 | 0.08% | 2024-11-22 | 2025-04-10 |
| CVE-2021-38135 | Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000. | [email protected] | 8.6 | 0.12% | 2024-11-22 | 2025-03-04 |
| CVE-2021-38134 | Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.0000. | [email protected] | 6.1 | 0.15% | 2024-11-22 | 2025-04-10 |
| CVE-2021-38119 | Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | [email protected] | 6.1 | 0.16% | 2024-11-22 | 2025-04-10 |
| CVE-2021-38118 | Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | [email protected] | 5.5 | 0.07% | 2024-11-22 | 2025-03-04 |
| CVE-2021-38117 | Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | [email protected] | 8.8 | 0.82% | 2024-11-22 | 2025-04-10 |
| CVE-2021-38116 | Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5 | [email protected] | 8.8 | 0.18% | 2024-11-22 | 2025-04-10 |
| CVE-2024-9841 | A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited. | [email protected] | 7.0 | 0.90% | 2024-11-08 | 2024-11-13 |
| CVE-2020-11859 | Improper Input Validation vulnerability in OpenText iManager allows Cross-Site Scripting (XSS). This issue affects iManager before 3.2.3 | [email protected] | 7.6 | 0.20% | 2024-11-06 | 2024-11-08 |
| CVE-2024-5532 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent. The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26. | [email protected] | 1.8 | 0.18% | 2024-10-28 | 2025-10-14 |
| CVE-2024-4692 | Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - Service Virtualization config has been discovered in in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate Service Virtualization server names. This issue affects OpenText Application Automation Tools: 24.1 | [email protected] | 1.8 | 0.16% | 2024-10-16 | 2024-10-21 |
| CVE-2024-4690 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | [email protected] | 5.1 | 0.06% | 2024-10-16 | 2024-10-21 |
| CVE-2024-4211 | Improper Validation of Specified Quantity in Input vulnerability in OpenText OpenText Application Automation Tools allows Exploiting Incorrectly Configured Access Control Security Levels. Multiple missing permission checks - ALM job config has been discovered in OpenText Application Automation Tools. The vulnerability could allow users with Overall/Read permission to enumerate ALM server names, usernames and client IDs configured to be used with ALM servers. This issue affects OpenText Appli | [email protected] | 1.8 | 0.16% | 2024-10-16 | 2024-10-21 |
| CVE-2024-4189 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | [email protected] | 5.9 | 0.07% | 2024-10-16 | 2024-10-21 |
| CVE-2024-4184 | Improper Restriction of XML External Entity Reference vulnerability in OpenText Application Automation Tools allows DTD Injection.This issue affects OpenText Application Automation Tools: 24.1.0 and below. | [email protected] | 5.9 | 0.07% | 2024-10-16 | 2024-10-21 |
| CVE-2024-6360 | Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23.0 through 23.X, from 24.0 through 24.X. | [email protected] | 6.9 | 0.07% | 2024-10-02 | 2025-11-19 |
| CVE-2021-38133 | Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000. | [email protected] | 7.4 | 0.30% | 2024-09-12 | 2024-09-18 |