VYPR
Medium severity6.1NVD Advisory· Published Aug 21, 2017· Updated Jun 17, 2026

CVE-2017-7421

CVE-2017-7421

Description

Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features.

Affected products

9
  • cpe:2.3:a:microfocus:directory_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:enterprise_developer:2.3:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:microfocus:enterprise_developer:2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:microfocus:enterprise_developer:2.3:update1:*:*:*:*:*:*
    • cpe:2.3:a:microfocus:enterprise_developer:2.3:update2:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*range: <=2.3
    • cpe:2.3:a:microfocus:enterprise_server:2.3:update1:*:*:*:*:*:*
    • cpe:2.3:a:microfocus:enterprise_server:2.3:update2:*:*:*:*:*:*
  • cpe:2.3:a:microfocus:enterprise_server_monitor_and_control:-:*:*:*:*:*:*:*
  • Range: All versions before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.