Micro Focus Enterprise Developer and Enterprise Server Cross-Site Request Forgery Vulnerability (CNVD-2017-26443)

Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. enterprise Server is a production deployment platform for mainframe programs. Enterprise...

Micro Focus Enterprise Developer and Enterprise Server Cross-Site Scripting Vulnerability (CNVD-2017-26441)

Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company. micro Focus Enterprise Developer is a set of integrated development environments for the mainframe. enterprise Server is a set of Enterprise Server is a production deployment platform for...

Micro Focus Enterprise Developer and Enterprise Server Cross-Site Scripting Vulnerability

Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company.Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe.Enterprise Server is a production deployment platform for mainframe programs. Enterprise...

Micro Focus Enterprise Developer and Enterprise Server Authentication Bypass Vulnerability

Micro Focus Enterprise Developer and Enterprise Server are both products of Micro Focus, a British company.Micro Focus Enterprise Developer is a set of integrated development environments for the mainframe.Enterprise Server is a production deployment platform for mainframe programs. Enterprise...

Path traversal

A Path Traversal CWE-22 vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is...

CVE-2017-7420

An Authentication Bypass CWE-287 vulnerability in ESMAC aka Enterprise Server Monitor and Control in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter...

CVE-2017-7422

Reflected and stored Cross-Site Scripting XSS, CWE-79 vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms CWE-693 and other...

CVE-2017-7423

A Cross-Site Request Forgery CWE-352 vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes...

CVE-2017-7420

An Authentication Bypass CWE-287 vulnerability in ESMAC aka Enterprise Server Monitor and Control in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter...

CVE-2017-7421

Reflected and stored Cross-Site Scripting XSS, CWE-79 vulnerabilities in Directory Server aka Enterprise Server Administration web UI and ESMAC aka Enterprise Server Monitor and Control in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2....

CVE-2017-7423

A Cross-Site Request Forgery CWE-352 vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes...

CVE-2017-7422

The CVE-2017-7422 entry concerns Micro Focus Enterprise Developer and Enterprise Server (ESM/ESMAN) with the esfadmingui component. It documents reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui affecting version 2.3, including 2.3 Update 1 before Hotfix 8 and...

CVE-2017-7420

CVE-2017-7420 is a vulnerability in Micro Focus ESMAC (Enterprise Server Monitor and Control) used by Micro Focus Enterprise Developer and Enterprise Server up to 2.3 and earlier, including 2.3 Update 1 before Hotfix 8 and 2.3 Update 2 before Hotfix 9. The issue is an authentication bypass (CWE-2...

CVE-2017-7424

CVE-2017-7424 is a Path Traversal (CWE-22) vulnerability in esfadmingui of Micro Focus Enterprise Developer and Enterprise Server . It affects version 2.3, specifically 2.3 Update 1 before Hotfix 8 and 2.3 Update 2 before Hotfix 9 . The flaw enables remote authenticated users to download arbitrar...

CVE-2017-5187

CVE-2017-5187 describes a Cross-Site Request Forgery (CSRF) in Directory Server (Enterprise Server Administration web UI) of Micro Focus Enterprise Developer and Enterprise Server. Affected versions are 2.3 and earlier, including 2.3 Update 1 before Hotfix 8 and 2.3 Update 2 before Hotfix 9. The ...

CVE-2017-7421

CVE-2017-7421 describes Reflected and stored XSS (CWE-79) in Micro Focus Enterprise Developer/Enterprise Server, affecting Directory Server (Enterprise Server Administration web UI) and ESMAC. Impacted products: Micro Focus Enterprise Developer and Enterprise Server ≤ 2.3, including 2.3 Update 1 ...

CVE-2017-7421

Reflected and stored Cross-Site Scripting XSS, CWE-79 vulnerabilities in Directory Server aka Enterprise Server Administration web UI and ESMAC aka Enterprise Server Monitor and Control in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2....

CVE-2017-7423

The CVE-2017-7423 issue affects Micro Focus Enterprise Developer and Enterprise Server (2.3, including 2.3 Update 1 before Hotfix 8 and 2.3 Update 2 before Hotfix 9) where the esfadmingui component is vulnerable to Cross-Site Request Forgery (CSRF, CWE-352). An unauthenticated remote attacker can...

CVE-2017-7423

A Cross-Site Request Forgery CWE-352 vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes...

CVE-2017-5187

A Cross-Site Request Forgery CWE-352 vulnerability in Directory Server aka Enterprise Server Administration web UI in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to...