Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-7421

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.

Published

2017-08-21T15:29:00.263

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-79
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application microfocus directory_server - Yes
Application microfocus enterprise_developer 2.3 Yes
Application microfocus enterprise_developer 2.3 Yes
Application microfocus enterprise_developer 2.3 Yes
Application microfocus enterprise_server ≤ 2.3 Yes
Application microfocus enterprise_server 2.3 Yes
Application microfocus enterprise_server 2.3 Yes
Application microfocus enterprise_server_monitor_and_control - Yes
References