PT-2017-16374 · Micro Focus · Micro Focus Enterprise Server
Published: 2017-08-21 · Updated: 2019-10-09 · CVE-2017-5187
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Micro Focus Enterprise Developer and Enterprise Server versions prior to 2.3 Update 1 Hotfix 8
Micro Focus Enterprise Developer and Enterprise Server version 2.3 Update 2 before Hotfix 9
Description
A Cross-Site Request Forgery issue in the Directory Server allows remote unauthenticated attackers to view and alter configuration information and inject OS commands via forged requests.
Recommendations
For versions prior to 2.3 Update 1 Hotfix 8, apply Hotfix 8 to resolve the issue.
For version 2.3 Update 2 before Hotfix 9, apply Hotfix 9 to resolve the issue.
As a temporary workaround, consider restricting access to the Directory Server to minimize the risk of exploitation.
Fix
CSRF
Affected Products
Directory Server
Micro Focus Enterprise Developer
Micro Focus Enterprise Server