CVE-2020-9524: XSS
First published: Mon May 18 2020(Updated: )
Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS).
Credit: security@microfocus.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microfocus Enterprise Developer | =5.0 | |
| Microfocus Enterprise Developer | =5.0-p1 | |
| Microfocus Enterprise Developer | =5.0-p2 | |
| Microfocus Enterprise Developer | =5.0-p3 | |
| Microfocus Enterprise Developer | =5.0-p4 | |
| Microfocus Enterprise Developer | =5.0-p5 | |
| Microfocus Enterprise Developer | =5.0-p6 | |
| Microfocus Enterprise Developer | =5.0-p7 | |
| Microfocus Enterprise Server | =5.0 | |
| Microfocus Enterprise Server | =5.0-p1 | |
| Microfocus Enterprise Server | =5.0-p2 | |
| Microfocus Enterprise Server | =5.0-p3 | |
| Microfocus Enterprise Server | =5.0-p4 | |
| Microfocus Enterprise Server | =5.0-p5 | |
| Microfocus Enterprise Server | =5.0-p6 | |
| Microfocus Enterprise Server | =5.0-p7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID for this vulnerability?
The CVE ID for this vulnerability is CVE-2020-9524.
What software versions are affected by this vulnerability?
Micro Focus Enterprise Server and Enterprise Developer versions prior to version 5.0 Patch Update 8 are affected.
How does this vulnerability impact the affected software?
This vulnerability allows an attacker to trigger administrative actions when an administrator views malicious data left by the attacker.
What is the severity rating of CVE-2020-9524?
The severity rating of CVE-2020-9524 is medium, with a CVSS score of 5.4.
How can I fix this vulnerability?
To fix this vulnerability, you should update Micro Focus Enterprise Server and Enterprise Developer to version 5.0 Patch Update 8 or later.
- collector/nvd-index
- agent/severity
- agent/type
- agent/author
- agent/weakness
- agent/event
- agent/references
- agent/last-modified-date
- agent/softwarecombine
- agent/description
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microfocus
- canonical/microfocus enterprise developer
- version/microfocus enterprise developer/5.0
- version/microfocus enterprise developer/5.0-p1
- version/microfocus enterprise developer/5.0-p2
- version/microfocus enterprise developer/5.0-p3
- version/microfocus enterprise developer/5.0-p4
- version/microfocus enterprise developer/5.0-p5
- version/microfocus enterprise developer/5.0-p6
- version/microfocus enterprise developer/5.0-p7
- canonical/microfocus enterprise server
- version/microfocus enterprise server/5.0
- version/microfocus enterprise server/5.0-p1
- version/microfocus enterprise server/5.0-p2
- version/microfocus enterprise server/5.0-p3
- version/microfocus enterprise server/5.0-p4
- version/microfocus enterprise server/5.0-p5
- version/microfocus enterprise server/5.0-p6
- version/microfocus enterprise server/5.0-p7