CVE-2017-7422

EPSS 1.0%CWE-79

Vexday Risk Score

3Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS —EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

21 ago 2017Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default.

Productos afectados

Micro Focus · Micro Focus Enterprise Developer, Micro Focus Enterprise Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017