A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HMicrofocus Directory Server
APPMicrofocuswszystkie wersjeMicrofocus Enterprise Developer
APPMicrofocus2.3Microfocus Enterprise Server
APPMicrofocus2.3≤ 2.3Microfocus Enterprise Server Monitor And Control
APPMicrofocuswszystkie wersje
Related vulnerabilities
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COB...
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro...
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ES...
Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, ...
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Serve...