PT-2017-17727 · Micro Focus · Micro Focus Enterprise Server+1

Published: 2017-08-21 · Updated: 2019-10-09 · CVE-2017-7422

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Micro Focus Enterprise Developer and Enterprise Server versions 2.3 through 2.3 Update 2 before Hotfix 9

Description

The issue concerns reflected and stored Cross-Site Scripting (XSS) vulnerabilities in the esfadmingui component. This allows remote authenticated attackers to bypass protection mechanisms and other security features if the component is configured. It is noted that esfadmingui is not enabled by default.

Recommendations

For Micro Focus Enterprise Developer and Enterprise Server versions 2.3 through 2.3 Update 2 before Hotfix 9, apply Hotfix 8 for version 2.3 Update 1 or Hotfix 9 for version 2.3 Update 2 to resolve the issue. As a temporary workaround, consider disabling the esfadmingui component until a patch is available.

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2017-7422

Affected products

Micro Focus Enterprise Developer
Micro Focus Enterprise Server