📦

enterprise_server_monitor_and_control

Vendor: microfocus

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 51 Total Indexed

Avg. EPSS 0.55% Exploit Prob.

Latest CVE CVE-2017-7421 Aug 21

Security Vulnerability Index

Page 1 / 6

6.1 CVSS

CVE-2017-7421

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.

EPSS: 0.49%

Severity: MEDIUM

Aug 21, 2017

9.8 CVSS

CVE-2017-7420

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).

EPSS: 0.96%

Severity: CRITICAL

Aug 21, 2017

8.8 CVSS

CVE-2017-5187

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.

EPSS: 0.19%

Severity: HIGH

Aug 21, 2017

Displaying 3 of 51 Total Entries

1 2 3 4 5 ... 6

Total 6 Sections