PT-2017-17725 · Micro Focus · Micro Focus Enterprise Server
Published: 2017-08-21 · Updated: 2019-10-09 · CVE-2017-7420
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Micro Focus Enterprise Developer and Enterprise Server versions prior to 2.3 Update 2 Hotfix 9
Micro Focus Enterprise Developer and Enterprise Server version 2.3
Micro Focus Enterprise Developer and Enterprise Server version 2.3 Update 1 before Hotfix 8
Description
An authentication bypass vulnerability in ESMAC allows remote unauthenticated attackers to view and alter configuration information and to alter the state of the running product.
Recommendations
For Micro Focus Enterprise Developer and Enterprise Server versions prior to 2.3 Update 2 Hotfix 9, apply Hotfix 9 or later to resolve the issue.
For Micro Focus Enterprise Developer and Enterprise Server version 2.3, apply Update 1 and then Hotfix 8 or later to resolve the issue.
For Micro Focus Enterprise Developer and Enterprise Server version 2.3 Update 1 before Hotfix 8, apply Hotfix 8 or later to resolve the issue.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Esmac
Micro Focus Enterprise Developer
Micro Focus Enterprise Server