Vulnerabilities > Microfocus > Enterprise Developer

DATE CVE VULNERABILITY TITLE RISK
2017-08-21 CVE-2017-7420 Improper Authentication vulnerability in Microfocus products
An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).
network
low complexity
microfocus CWE-287
critical
9.8
2017-08-21 CVE-2017-5187 Cross-Site Request Forgery (CSRF) vulnerability in Microfocus products
A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.
network
low complexity
microfocus CWE-352
8.8