Vulnerabilities > Microfocus > Enterprise Server > 3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-17 | CVE-2020-9523 | Insufficiently Protected Credentials vulnerability in Microfocus Enterprise Developer Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. | 8.8 |
| 2019-10-02 | CVE-2019-11651 | Cross-site Scripting vulnerability in Microfocus Enterprise Developer and Enterprise Server Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. | 6.1 |
| 2018-10-12 | CVE-2018-12469 | NULL Pointer Dereference vulnerability in Microfocus Enterprise Developer and Enterprise Server Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination. | 7.5 |