CVE-2017-7421

MEDIUM

Micro Focus Enterprise Developer/Enterprise Server <2.3 - XSS

Title source: llm

Description

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.

Scores

CVSS v3 6.1
EPSS 0.0049
EPSS Percentile 65.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (6)
Micro Focus/Micro Focus Enterprise Developer, Micro Focus Enterprise Server: All versions before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9
microfocus/directory_server
microfocus/enterprise_developer 2.3 (3 CPE variants)
microfocus/enterprise_server 2.3 update1 (2 CPE variants)
microfocus/enterprise_server < 2.3
microfocus/enterprise_server_monitor_and_control
Published Aug 21, 2017
Tracked Since Feb 18, 2026