Skip to main content

Enterprise Developer CVE-2017-7420

CRITICAL
Improper Authentication (CWE-287)
2017-08-21 security@opentext.com
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 21, 2017 - 15:29 cve.org
CRITICAL 9.8

DescriptionCVE.org

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).

AnalysisAI

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275). Affected products include: Microfocus Enterprise Developer, Microfocus Enterprise Server, Microfocus Enterprise Server Monitor And Control.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.

CVE-2023-4501 CRITICAL
9.8 Sep 12

User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL

CVE-2017-7423 HIGH
8.8 Aug 21

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise S

CVE-2017-5187 HIGH
8.8 Aug 21

A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) i

CVE-2020-9523 HIGH
8.8 Apr 17

Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting

CVE-2018-12469 HIGH
7.5 Oct 12

Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administ

CVE-2017-7424 MEDIUM
6.5 Aug 21

A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.

CVE-2023-32265 MEDIUM
6.5 Jul 20

A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) compon

CVE-2017-7421 MEDIUM
6.1 Aug 21

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Admin

CVE-2019-11651 MEDIUM
6.1 Oct 02

Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update

CVE-2017-7422 MEDIUM
5.4 Aug 21

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Develop

CVE-2020-9524 MEDIUM
5.4 May 18

Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions pri

Share

CVE-2017-7420 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy