CVE-2017-7423

CVE-2017-7423

Vendor Micro Focus

Product Micro Focus Enterprise Developer, Micro Focus Enterprise Server

Weakness CWE-352 · CSRF

Published August 21, 2017

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default.

Key dates

02Disclosure timeline

August 21, 2017 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-7423 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

Identifiers

CVE CVE-2017-7423

CWE CWE-352

Affected versions

Vendor Micro Focus

Product Micro Focus Enterprise Developer, Micro Focus Enterprise Server

Affected 2.3 before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9

01Description

02Disclosure timeline

03References

04Related CVE