Vulnerability Description
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microfocus | Directory Server | - |
| Microfocus | Enterprise Developer | 2.3 |
| Microfocus | Enterprise Server | <= 2.3 |
| Microfocus | Enterprise Server Monitor And Control | - |
Related Weaknesses (CWE)
References
- https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_serve
- https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_serve
FAQ
What is CVE-2017-5187?
CVE-2017-5187 is a vulnerability with a CVSS score of 8.8 (HIGH). A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Up...
How severe is CVE-2017-5187?
CVE-2017-5187 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5187?
Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Directory Server, Microfocus Enterprise Developer, Microfocus Enterprise Server, Microfocus Enterprise Server Monitor And Control.