cvelist OpenText CVELIST:CVE-2023-32265
History: Jul 20, 2023 - 1:01 p.m.

CVE-2023-32265 Mitigations and availability of updates relating to security vulnerability in ESCWA component CVE-2023-32265.

2023-07-20 13:01:38
OpenText
www.cve.org
cve-2023-32265
mitigations
updates
authentication
network access
permissions
service account.

CVSS3: 7.1 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score: 7 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 20.9%)

A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.
An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users' permissions in the Micro Focus Directory Server also reduce the exposure to this issue.

Given the right conditions, this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases, would only be useful for extracting details of other user accounts and similar information.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Enterprise Server",
    "vendor": "Micro Focus",
    "versions": [
      {
        "lessThanOrEqual": "6.0 update 24",
        "status": "affected",
        "version": "6.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.0 update 17",
        "status": "affected",
        "version": "7.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.0 update 6",
        "status": "affected",
        "version": "8.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Enterprise Test Server",
    "vendor": "Micro Focus",
    "versions": [
      {
        "lessThanOrEqual": "6.0 update 24",
        "status": "affected",
        "version": "6.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.0 update 17",
        "status": "affected",
        "version": "7.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.0 update 6",
        "status": "affected",
        "version": "8.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Enterprise Developer",
    "vendor": "Micro Focus",
    "versions": [
      {
        "lessThanOrEqual": "6.0 update 24",
        "status": "affected",
        "version": "6.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.0 update 17",
        "status": "affected",
        "version": "7.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.0 update 6",
        "status": "affected",
        "version": "8.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Visual COBOL",
    "vendor": "Micro Focus",
    "versions": [
      {
        "lessThanOrEqual": "6.0 update 24",
        "status": "affected",
        "version": "6.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.0 update 17",
        "status": "affected",
        "version": "7.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.0 update 6",
        "status": "affected",
        "version": "8.0 ",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "COBOL Server",
    "vendor": "Micro Focus",
    "versions": [
      {
        "lessThanOrEqual": "6.0 update 24",
        "status": "affected",
        "version": "6.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.0 update 17",
        "status": "affected",
        "version": "7.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.0 update 6",
        "status": "affected",
        "version": "8.0 ",
        "versionType": "semver"
      }
    ]
  }
]
