CVE-2017-7423

Summary

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.

Affected Software

VendorProductVersion RangeStatus
Micro FocusMicro Focus Enterprise Developer, Micro Focus Enterprise Server2.3 before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CWE-352)

ADP Enrichment

CVE Program Container

Additional References

References