CVE-2017-7421

Name of the Vulnerable Software and Affected Versions Micro Focus Enterprise Developer and Enterprise Server versions prior to 2.3 Update 2 Hotfix 9 Micro Focus Enterprise Developer and Enterprise Server version 2.3 Micro Focus Enterprise Developer and Enterprise Server version 2.3 Update 1 through 2.3 Update 1 before Hotfix 8

Description The issue concerns reflected and stored Cross-Site Scripting (XSS) in the Directory Server and ESMAC components. This allows remote authenticated attackers to bypass protection mechanisms and other security features.

Recommendations For Micro Focus Enterprise Developer and Enterprise Server version 2.3, update to a version later than 2.3 Update 2 Hotfix 9. For Micro Focus Enterprise Developer and Enterprise Server version 2.3 Update 1, apply Hotfix 8 or later. For Micro Focus Enterprise Developer and Enterprise Server version 2.3 Update 2, apply Hotfix 9 or later.