A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and previous versions, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated malicious users to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microfocus enterprise server monitor and control - |
||
microfocus enterprise developer 2.3 |
||
microfocus enterprise server 2.3 |
||
microfocus directory server - |
||
microfocus enterprise server |