12 matches found
CVE-2020-9523
The CVE-2020-9523 issue affects Micro Focus Enterprise Server and Micro Focus Enterprise Developer (MFDS context) where credentials are insufficiently protected. Affected: all versions prior to 4.0 Patch Update 16 and 5.0 Patch Update 6. Root cause: failure to adequately protect hashed credential...
CVE-2020-9524
Micro Focus Enterprise Server and Enterprise Developer (all versions prior to 5.0 Patch Update 8) are affected by a Cross-Site Scripting (XSS) vulnerability in the web application layer. The root cause is insufficient validation of client-side data, enabling both stored and reflected XSS scenario...
CVE-2023-32265
Summary (CVE-2023-32265): The vulnerability affects the Enterprise Server Common Web Administration (ESCWA) component used across Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An authenticated ESCWA user could exploit conditions described in the ...
CVE-2017-7422
The CVE-2017-7422 entry concerns Micro Focus Enterprise Developer and Enterprise Server (ESM/ESMAN) with the esfadmingui component. It documents reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui affecting version 2.3, including 2.3 Update 1 before Hotfix 8 and...
CVE-2017-5187
CVE-2017-5187 describes a Cross-Site Request Forgery (CSRF) in Directory Server (Enterprise Server Administration web UI) of Micro Focus Enterprise Developer and Enterprise Server. Affected versions are 2.3 and earlier, including 2.3 Update 1 before Hotfix 8 and 2.3 Update 2 before Hotfix 9. The ...
CVE-2017-7421
CVE-2017-7421 describes Reflected and stored XSS (CWE-79) in Micro Focus Enterprise Developer/Enterprise Server, affecting Directory Server (Enterprise Server Administration web UI) and ESMAC. Impacted products: Micro Focus Enterprise Developer and Enterprise Server ≤ 2.3, including 2.3 Update 1 ...
CVE-2023-4501
OpenText (Micro Focus) Visual COBOL, COBOL Server, and Enterprise products (including Enterprise Developer/Enterprise Server) are affected. The issue: LDAP-based authentication can bypass and allow login with any valid username (and any password) or even an invalid username with any password for ...
CVE-2019-11651
The CVE-2019-11651 entry concerns a Reflected XSS in Micro Focus Enterprise Developer and Enterprise Server . All versions prior to specific patch updates are affected (3.0 Patch Update 20, 4.0 Patch Update 12, 5.0 Patch Update 2). The vulnerability could be exploited to redirect users to a malic...
CVE-2017-7423
The CVE-2017-7423 issue affects Micro Focus Enterprise Developer and Enterprise Server (2.3, including 2.3 Update 1 before Hotfix 8 and 2.3 Update 2 before Hotfix 9) where the esfadmingui component is vulnerable to Cross-Site Request Forgery (CSRF, CWE-352). An unauthenticated remote attacker can...
CVE-2018-12469
Micro Focus Enterprise Developer and Enterprise Server are affected by CVE-2018-12469 due to incorrect handling of an invalid HTTP request parameter value in the Directory Server (Enterprise Server Administration web UI). Affects: 2.3 Update 2 and earlier; 3.0 before Patch Update 12; 4.0 before P...
CVE-2017-7420
CVE-2017-7420 is a vulnerability in Micro Focus ESMAC (Enterprise Server Monitor and Control) used by Micro Focus Enterprise Developer and Enterprise Server up to 2.3 and earlier, including 2.3 Update 1 before Hotfix 8 and 2.3 Update 2 before Hotfix 9. The issue is an authentication bypass (CWE-2...
CVE-2017-7424
CVE-2017-7424 is a Path Traversal (CWE-22) vulnerability in esfadmingui of Micro Focus Enterprise Developer and Enterprise Server . It affects version 2.3, specifically 2.3 Update 1 before Hotfix 8 and 2.3 Update 2 before Hotfix 9 . The flaw enables remote authenticated users to download arbitrar...