PT-2017-17726 · Micro Focus · Micro Focus Enterprise Server
Published: 2017-08-21 · Updated: 2019-10-09
CVE-2017-7421
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Micro Focus Enterprise Developer and Enterprise Server versions prior to 2.3 Update 2 Hotfix 9
Micro Focus Enterprise Developer and Enterprise Server version 2.3
Micro Focus Enterprise Developer and Enterprise Server version 2.3 Update 1 before Hotfix 8
Description
The issue concerns reflected and stored Cross-Site Scripting (XSS) in the Directory Server and ESMAC components. This allows remote authenticated attackers to bypass protection mechanisms and other security features.
Recommendations
For Micro Focus Enterprise Developer and Enterprise Server version 2.3, update to a version later than 2.3 Update 2 Hotfix 9.
For Micro Focus Enterprise Developer and Enterprise Server version 2.3 Update 1, apply Hotfix 8 or later.
For Micro Focus Enterprise Developer and Enterprise Server version 2.3 Update 2, apply Hotfix 9 or later.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Directory Server
ESMAC
Micro Focus Enterprise Developer
Micro Focus Enterprise Server