HIGH✓ PATCH🇬🇧 English

CVE-2018-12469

CVSS 7.5v3.0pub. 2018-10-12upd. 2024-11-21

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Microfocus Enterprise Developer

    APP
    Microfocus
    2.33.04.0≤ 2.3
  • Microfocus Enterprise Server

    APP
    Microfocus
    2.33.04.0≤ 2.3
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2023-4501CRITICAL9.8ten sam produkt

User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COB...

CVE-2017-7420CRITICAL9.8ten sam produkt

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro...

CVE-2023-32265HIGH7.1ten sam produkt

A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ES...

CVE-2020-9523HIGH8.8ten sam produkt

Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, ...

CVE-2017-5187HIGH8.8ten sam produkt

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration...

CVE-2018-12469 — HIGH 7.5 | CVEbaza.pl