CRITICAL✓ PATCH🇬🇧 English

CVE-2017-7420

CVSS 9.8v3.0pub. 2017-08-21upd. 2026-05-13

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microfocus Enterprise Developer

    APP
    Microfocus
    2.3
  • Microfocus Enterprise Server

    APP
    Microfocus
    2.3≤ 2.3
  • Microfocus Enterprise Server Monitor And Control

    APP
    Microfocus
    wszystkie wersje
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
Auth Bypass
CWE
Referencje

Powiązane podatności

CVE-2023-4501CRITICAL9.8ten sam produkt

User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COB...

CVE-2023-32265HIGH7.1ten sam produkt

A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ES...

CVE-2020-9523HIGH8.8ten sam produkt

Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, ...

CVE-2018-12469HIGH7.5ten sam produkt

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Serve...

CVE-2017-5187HIGH8.8ten sam produkt

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration...