Medium severity6.1NVD Advisory· Published Aug 21, 2017· Updated Jun 17, 2026
CVE-2017-7421
CVE-2017-7421
Description
Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.
Affected products
9- cpe:2.3:a:microfocus:directory_server:-:*:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_developer:2.3:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microfocus:enterprise_developer:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:microfocus:enterprise_developer:2.3:update1:*:*:*:*:*:*
- cpe:2.3:a:microfocus:enterprise_developer:2.3:update2:*:*:*:*:*:*
cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*range: <=2.3
- cpe:2.3:a:microfocus:enterprise_server:2.3:update1:*:*:*:*:*:*
- cpe:2.3:a:microfocus:enterprise_server:2.3:update2:*:*:*:*:*:*
- cpe:2.3:a:microfocus:enterprise_server_monitor_and_control:-:*:*:*:*:*:*:*
- Range: All versions before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.