RSS   Vulnerabilities for 'Directory server'   RSS

2017-08-21
 
CVE-2017-7421

 

 
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.

 
 
CVE-2017-5187

 

 
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.

 

 >>> Vendor: Microfocus 40 Products
Cobol
Visibroker
Rumba
Rumba ftp
Host access management and security server
Reflection for the web
Reflection security gateway
Reflection zfe
Enterprise server monitor and control
Enterprise server
Enterprise developer
Directory server
Bi-directional driver
Connected backup
Project and portfolio management
Operations manager i
Fortify audit workbench
Fortify software security center
Universal cmdb foundation software
Ucmdb configuration manager
Project and portfolio management center
Cms server
Universal cmdb
Universal cmdb browser
Client
Arcsight enterprise security manager
Data center automation
Hybrid cloud management
Network operations management
Operations bridge
Service management automation
Network virtualization
Service virtualization
Unified functional testing
Netware
Access manager
Service manager
Real user monitoring
Edirectory
FILR


Copyright 2019, cxsecurity.com

 

Back to Top