CVE-2017-7421

Опубликовано: 21 авг. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microfocus:directory_server:-:*:*:*:*:*:*:*

cpe:2.3:a:microfocus:enterprise_developer:2.3:*:*:*:*:*:*:*

cpe:2.3:a:microfocus:enterprise_developer:2.3:update1:*:*:*:*:*:*

cpe:2.3:a:microfocus:enterprise_developer:2.3:update2:*:*:*:*:*:*

cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*

Версия до 2.3 (включая)

cpe:2.3:a:microfocus:enterprise_server:2.3:update1:*:*:*:*:*:*

cpe:2.3:a:microfocus:enterprise_server:2.3:update2:*:*:*:*:*:*

cpe:2.3:a:microfocus:enterprise_server_monitor_and_control:-:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00306

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-jmxj-p595-5mfj