Vulnerabilities for 'Enterprise server'

2020-05-18
 
CVE-2020-9524

CWE-79
 

 
Cross-site scripting vulnerability in Micro Focus Enterprise Server and Enterprise Developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS).

 
2019-10-02
 
CVE-2019-11651

CWE-79
 

 
Reflected XSS in Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests.

 
2018-10-12
 
CVE-2018-12469

CWE-476
 

 
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.

 
2017-08-21
 
CVE-2017-7424

CWE-22
 

 
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default.

 
 
CVE-2017-7423

CWE-352
 

 
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.

 
 
CVE-2017-7422

CWE-79
 

 
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default.

 
 
CVE-2017-7421

CWE-79
 

 
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.

 
 
CVE-2017-7420

CWE-287
 

 
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).

 
 
CVE-2017-5187

CWE-352
 

 
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.

 



Copyright 2024, cxsecurity.com

 
