Skip to main content

Directory Server CVE-2017-5187

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2017-08-21 security@opentext.com
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 21, 2017 - 15:29 cve.org
HIGH 8.8

DescriptionCVE.org

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.

AnalysisAI

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests. Affected products include: Microfocus Directory Server, Microfocus Enterprise Developer, Microfocus Enterprise Server, Microfocus Enterprise Server Monitor And Control.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2022-2850 MEDIUM POC
6.5 Oct 14

A flaw was found In 389-ds-base. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attac

CVE-2019-3870 MEDIUM POC
6.1 Apr 09

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. Rated medium severi

CVE-2026-9064 HIGH
7.5 May 20

Denial of service in 389-ds-base LDAP server allows remote unauthenticated attackers to exhaust CPU and heap memory by s

CVE-2022-1949 HIGH
7.5 Jun 02

An access control bypass vulnerability found in 389-ds-base. Rated high severity (CVSS 7.5), this vulnerability is remot

CVE-2024-6237 MEDIUM
6.5 Jul 09

A flaw was found in the 389 Directory Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitab

CVE-2017-7421 MEDIUM
6.1 Aug 21

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Admin

CVE-2024-1062 MEDIUM
5.5 Feb 12

A heap overflow flaw was found in 389-ds-base. Rated medium severity (CVSS 5.5), this vulnerability is low attack comple

CVE-2023-1055 MEDIUM
5.5 Feb 27

A flaw was found in RHDS 11 and RHDS 12. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

CVE-2014-3562 MEDIUM
5.0 Aug 21

Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensit

CVE-2013-4485 MEDIUM
4.0 Nov 23

389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to caus

CVE-2013-2219 MEDIUM
4.0 Jul 31

The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attribu

CVE-2012-2746 LOW
2.1 Jul 03

389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user ha

Share

CVE-2017-5187 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy