Enterprise Server@2.3 Security Vulnerabilities and Issues — Enterprise Server@2.3 CVE List

Lucene search

MicrofocusEnterprise Server2.3

7 matches found

CVE•added 2017/08/21 3:29 p.m.•41 views

CVE-2017-5187

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to...

8.8CVSS8.6AI score0.00253EPSS

CVE•added 2017/08/21 3:29 p.m.•41 views

CVE-2017-7422

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and oth...

5.4CVSS5.4AI score0.00102EPSS

CVE•added 2017/08/21 3:29 p.m.•38 views

CVE-2017-7421

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, an...

6.1CVSS6AI score0.00166EPSS

CVE•added 2017/08/21 3:29 p.m.•35 views

CVE-2017-7420

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter c...

9.8CVSS9.2AI score0.00233EPSS

CVE•added 2017/08/21 3:29 p.m.•35 views

CVE-2017-7423

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes...

8.8CVSS8.5AI score0.00282EPSS

CVE•added 2017/08/21 3:29 p.m.•34 views

CVE-2017-7424

A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is ...

6.5CVSS6.2AI score0.00335EPSS

CVE•added 2018/10/12 1:29 p.m.•32 views

CVE-2018-12469

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer ...

7.5CVSS7.4AI score0.00336EPSS