Cross site request forgery (csrf)

2017-08-2115:29:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.0%

JSON

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.

CPENameOperatorVersion
enterprise_developereq2.3 update2
enterprise_developereq2.3
enterprise_developereq2.3 update1
enterprise_servereq2.3
enterprise_servereq2.3 update1
enterprise_servereq2.3 update2

Name	Operator	Version
enterprise_developer	eq	2.3 update2
enterprise_developer	eq	2.3
enterprise_developer	eq	2.3 update1
enterprise_server	eq	2.3
enterprise_server	eq	2.3 update1
enterprise_server	eq	2.3 update2