Microfocus: community verdicts
3 notable / known-exploited Microfocus CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Microfocus CVE, see NVD ↗.
- CVE-2021-22502CRIT 9.8KEVEPSS 97%
Remote Code execution vulnerability in Micro Focus Operation Bridge Reporter (OBR) product, affecting version 10.40. The vulnerability could be exploited to allow Remote Code Execution on the OBR server.
- CVE-2026-11878MED 6.1EPSS 0%
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scripting (XSS). This issue affects Access Manager: from 5.1 through 5.1.2.
- CVE-2026-11877HIGH 7.5Real · low riskEPSS 0%
An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3.