CVE-2017-5187 - CERT CVE
ID CVE-2017-5187
Sažetak A Cross-Site Request Forgery (CWE-352) vulnerability in Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter (CWE-275) configuration information and inject OS commands (CWE-78) via forged requests.
Reference
CVSS
Base: 6.8
Impact: 6.4
Exploitability:8.6
Pristup
VektorSloženostAutentikacija
NETWORK MEDIUM NONE
Impact
PovjerljivostCjelovitostDostupnost
PARTIAL PARTIAL PARTIAL
CVSS vektor AV:N/AC:M/Au:N/C:P/I:P/A:P
Zadnje važnije ažuriranje 07-11-2023 - 02:49
Objavljeno 21-08-2017 - 15:29