Vulnerability Description
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microfocus | Directory Server | - |
| Microfocus | Enterprise Developer | 2.3 |
| Microfocus | Enterprise Server | <= 2.3 |
| Microfocus | Enterprise Server Monitor And Control | - |
Related Weaknesses (CWE)
References
- https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_serve
- https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_serve
FAQ
What is CVE-2017-7421?
CVE-2017-7421 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro...
How severe is CVE-2017-7421?
CVE-2017-7421 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7421?
Check the references section above for vendor advisories and patch information. Affected products include: Microfocus Directory Server, Microfocus Enterprise Developer, Microfocus Enterprise Server, Microfocus Enterprise Server Monitor And Control.