PT-2017-16374 · Micro Focus · Micro Focus Enterprise Server+2

Published 2017-08-21 · Updated 2019-10-09 · CVE-2017-5187

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Micro Focus Enterprise Developer and Enterprise Server versions prior to 2.3 Update 1 Hotfix 8
Micro Focus Enterprise Developer and Enterprise Server version 2.3 Update 2 before Hotfix 9

Description

A Cross-Site Request Forgery issue in the Directory Server allows remote unauthenticated attackers to view and alter configuration information and inject OS commands via forged requests.

Recommendations

For versions prior to 2.3 Update 1 Hotfix 8, apply Hotfix 8 to resolve the issue. For version 2.3 Update 2 before Hotfix 9, apply Hotfix 9 to resolve the issue. As a temporary workaround, consider restricting access to the Directory Server to minimize the risk of exploitation.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2017-5187

Affected Products

Directory Server
Micro Focus Enterprise Developer
Micro Focus Enterprise Server