CVE-2017-7423

Name of the Vulnerable Software and Affected Versions Micro Focus Enterprise Developer and Enterprise Server versions 2.3 through 2.3 Update 2 before Hotfix 9

Description A Cross-Site Request Forgery issue allows remote unauthenticated attackers to forge requests, potentially creating new privileged credentials and resulting in privilege elevation, if the esfadmingui component is configured.

Recommendations For versions 2.3 through 2.3 Update 2 before Hotfix 9, apply Hotfix 9 to resolve the issue. As a temporary workaround, consider disabling the esfadmingui component until a patch is available.