What is the severity of CVE-2017-7422?

The severity of CVE-2017-7422 is rated as medium with a score of 5.4.

How do I fix CVE-2017-7422?

To fix CVE-2017-7422, update Micro Focus Enterprise Developer and Enterprise Server to version 2.3 Hotfix 8 or later, or 2.3 Update 2 Hotfix 9.

What types of vulnerabilities are present in CVE-2017-7422?

CVE-2017-7422 is associated with reflected and stored Cross-Site Scripting (XSS) vulnerabilities.

Which software versions are affected by CVE-2017-7422?

CVE-2017-7422 affects Micro Focus Enterprise Developer and Enterprise Server versions 2.3, 2.3 Update 1, and 2.3 Update 2 before the respective hotfixes.

Can CVE-2017-7422 be exploited remotely?

Yes, CVE-2017-7422 allows remote authenticated attackers to exploit the vulnerability.

Vulnerability/
CVE-2017-7422

medium

5.4

CWE

21/8/2017

17/9/2024

CVE-2017-7422: XSS

First published: Mon Aug 21 2017(Updated: )

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. Note esfadmingui is not enabled by default.

Credit: meissner@suse.de

Affected Software	Affected Version	How to fix
Microfocus Enterprise Developer	=2.3
Microfocus Enterprise Developer	=2.3-update1
Microfocus Enterprise Developer	=2.3-update2
Microfocus Enterprise Server	=2.3
Microfocus Enterprise Server	=2.3-update1
Microfocus Enterprise Server	=2.3-update2

Never miss a vulnerability like this again

Reference Links

https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017

Frequently Asked Questions

What is the severity of CVE-2017-7422?
The severity of CVE-2017-7422 is rated as medium with a score of 5.4.
How do I fix CVE-2017-7422?
To fix CVE-2017-7422, update Micro Focus Enterprise Developer and Enterprise Server to version 2.3 Hotfix 8 or later, or 2.3 Update 2 Hotfix 9.
What types of vulnerabilities are present in CVE-2017-7422?
CVE-2017-7422 is associated with reflected and stored Cross-Site Scripting (XSS) vulnerabilities.
Which software versions are affected by CVE-2017-7422?
CVE-2017-7422 affects Micro Focus Enterprise Developer and Enterprise Server versions 2.3, 2.3 Update 1, and 2.3 Update 2 before the respective hotfixes.
Can CVE-2017-7422 be exploited remotely?
Yes, CVE-2017-7422 allows remote authenticated attackers to exploit the vulnerability.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/references
agent/weakness
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/microfocus
canonical/microfocus enterprise developer
version/microfocus enterprise developer/2.3
version/microfocus enterprise developer/2.3-update1
version/microfocus enterprise developer/2.3-update2
canonical/microfocus enterprise server
version/microfocus enterprise server/2.3
version/microfocus enterprise server/2.3-update1
version/microfocus enterprise server/2.3-update2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.