Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Enterprise server'
2020-05-18
CVE-2020-9524
CWE-79
Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS).
2019-10-02
CVE-2019-11651
CWE-79
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a malicious page or forge certain types of web requests.
2018-10-12
CVE-2018-12469
CWE-476
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.
2017-08-21
CVE-2017-7424
CWE-22
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default.
CVE-2017-7423
CWE-352
A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.
CVE-2017-7422
CWE-79
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default.
CVE-2017-7421
CWE-79
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.
CVE-2017-7420
CWE-287
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).
CVE-2017-5187
CWE-352
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.
>>>
Vendor:
Microfocus
68
Products
Directory server
Enterprise server
Netware
Client
Cobol
Edirectory
Rumba
Open enterprise server
Identity manager
Access manager
Service manager
Visibroker
Operations agent
Project and portfolio management center
Reflection for the web
Data protector
Network automation
Connected backup
Fortify software security center
Arcsight logger
Arcsight enterprise security manager
Verastream host integrator
Unified functional testing
Operations manager i
Service virtualization
Network virtualization
FILR
Content manager
Arcsight management center
Rumba ftp
Host access management and security server
Reflection security gateway
Reflection zfe
VIBE
Enterprise server monitor and control
Enterprise developer
Arcsight enterprise security manager express
Application performance management
Ucmdb configuration manager
Bi-directional driver
Project and portfolio management
Fortify audit workbench
Universal cmdb foundation software
Cms server
Universal cmdb
Universal cmdb browser
Data center automation
Hybrid cloud management
Network operations management
Operations bridge
Service management automation
Real user monitoring
Netiq edirectory
Solutions business manager
Netiq self service password reset
Verastream host integrato
Service manager chat server
Service manager chat service
Acutoweb
Service manager automation
Secure messaging gateway
Operation bridge reporter
IDOL
Operations bridge manager
Application automation tools
Netiq advanced authentication
Voltage securemail
Netiq access manager
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Enterprise server' 