CVE-2018-12469

Name of the Vulnerable Software and Affected Versions Micro Focus Enterprise Developer and Enterprise Server versions 2.3 Update 2 and earlier, 3.0 before Patch Update 12, 4.0 before Patch Update 2

Description The issue arises from the incorrect handling of an invalid value for an HTTP request parameter by the Directory Server, also known as the Enterprise Server Administration web UI. This leads to a null pointer dereference and results in a denial of service due to process termination.

Recommendations For versions 2.3 Update 2 and earlier, apply the necessary patches to update beyond these versions. For version 3.0, apply Patch Update 12 or later. For version 4.0, apply Patch Update 2 or later.