CVE-2017-7420

Name of the Vulnerable Software and Affected Versions Micro Focus Enterprise Developer and Enterprise Server versions prior to 2.3 Update 2 Hotfix 9 Micro Focus Enterprise Developer and Enterprise Server version 2.3 Micro Focus Enterprise Developer and Enterprise Server version 2.3 Update 1 through 2.3 Update 1 before Hotfix 8

Description The issue allows remote unauthenticated attackers to bypass authentication and view and alter configuration information, as well as alter the state of the running product. This is due to an Authentication Bypass vulnerability in ESMAC.

Recommendations For Micro Focus Enterprise Developer and Enterprise Server versions prior to 2.3 Update 2 Hotfix 9, apply Hotfix 9 or later to resolve the issue. For Micro Focus Enterprise Developer and Enterprise Server version 2.3, apply Update 1 and then Hotfix 8 or later to resolve the issue. For Micro Focus Enterprise Developer and Enterprise Server version 2.3 Update 1 before Hotfix 8, apply Hotfix 8 or later to resolve the issue.