PT-2017-17729 · Micro Focus · Micro Focus Enterprise Server+1

Published 2017-08-21 · Updated 2019-10-09 · CVE-2017-7424

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Micro Focus Enterprise Developer and Enterprise Server versions 2.3 through 2.3 Update 2 before Hotfix 9

Description

A Path Traversal issue allows remote authenticated users to download arbitrary files from a system running the product, given that the esfadmingui component is configured. Note that esfadmingui is not enabled by default.

Recommendations

For versions 2.3 through 2.3 Update 2 before Hotfix 9, apply Hotfix 8 for 2.3 Update 1 or Hotfix 9 for 2.3 Update 2 to resolve the issue. As a temporary workaround, consider disabling the esfadmingui component until a patch is available.

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2017-7424

Affected Products

Micro Focus Enterprise Developer
Micro Focus Enterprise Server