Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HMicrofocus Enterprise Developer
APPMicrofocus2.33.04.0≤ 2.3Microfocus Enterprise Server
APPMicrofocus2.33.04.0≤ 2.3
Related vulnerabilities
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COB...
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro...
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ES...
Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, ...
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration...