Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2017-7421

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.

  • Published: Aug 21, 2017
  • Updated: Apr 13, 2023
  • CVE: CVE-2017-7421
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.1
  • AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
microfocus / enterprise_developer 2.3-update2 2.3-update2.x
microfocus / enterprise_server 2.3-update1 2.3-update1.x
microfocus / enterprise_server 2.3-update2 2.3-update2.x
microfocus / enterprise_developer 2.3 2.3.x
microfocus / enterprise_server - 2.3.x
microfocus / enterprise_developer 2.3-update1 2.3-update1.x