Lucene search

K
MicrofocusEnterprise Developer

12 matches found

CVE
CVE
added 2020/04/17 3:15 p.m.64 views

CVE-2020-9523

Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the...

8.8CVSS8.6AI score0.00288EPSS
CVE
CVE
added 2020/05/18 2:15 p.m.50 views

CVE-2020-9524

Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (sto...

5.4CVSS5.3AI score0.00206EPSS
CVE
CVE
added 2017/08/21 3:29 p.m.41 views

CVE-2017-5187

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to...

8.8CVSS8.6AI score0.00253EPSS
CVE
CVE
added 2017/08/21 3:29 p.m.41 views

CVE-2017-7422

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and oth...

5.4CVSS5.4AI score0.00102EPSS
CVE
CVE
added 2017/08/21 3:29 p.m.38 views

CVE-2017-7421

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, an...

6.1CVSS6AI score0.00166EPSS
CVE
CVE
added 2019/10/02 9:15 p.m.37 views

CVE-2019-11651

Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests...

6.1CVSS5.9AI score0.0024EPSS
CVE
CVE
added 2017/08/21 3:29 p.m.35 views

CVE-2017-7420

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter c...

9.8CVSS9.2AI score0.00233EPSS
CVE
CVE
added 2017/08/21 3:29 p.m.35 views

CVE-2017-7423

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes...

8.8CVSS8.5AI score0.00282EPSS
CVE
CVE
added 2023/09/12 7:15 p.m.35 views

CVE-2023-4501

User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, a...

9.8CVSS9.6AI score0.00172EPSS
CVE
CVE
added 2017/08/21 3:29 p.m.34 views

CVE-2017-7424

A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is ...

6.5CVSS6.2AI score0.00335EPSS
CVE
CVE
added 2018/10/12 1:29 p.m.32 views

CVE-2018-12469

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer ...

7.5CVSS7.4AI score0.00336EPSS
CVE
CVE
added 2023/07/20 2:15 p.m.30 views

CVE-2023-32265

A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.An attacker would need to be authenticated into ESCWA to attempt to exp...

7.1CVSS6.5AI score0.00163EPSS