
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

An integer overflow (CWE-190) potentially causing an out-of-bounds read (CWE-125) vulnerability in Micro Focus VisiBroker 8.5 can lead to a denial of service. Micro Focus VisiBroker C++ version 8.5 SP2 suffers from multiple memory corruption vulnerabilities. • https://community.microfocus.com/microfocus/corba/visibroker_-_world_class_middleware/w/knowledge_base/29171/visibroker-8-5-service-pack-4-hotfix-3-security-fixes • CWE-190: Integer Overflow or Wraparound

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed. Micro Focus VisiBroker C++ version 8.5 SP2 suffers from multiple memory corruption vulnerabilities. • https://community.microfocus.com/microfocus/corba/visibroker_-_world_class_middleware/w/knowledge_base/29171/visibroker-8-5-service-pack-4-hotfix-3-security-fixes • CWE-125: Out-of-bounds Read

CVSS: 9.8 • EPSS: 0% • CPEs: 7 • EXPL: 0

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275). • https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017 • CWE-287: Improper Authentication

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note that esfadmingui is not enabled by default. • https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note that esfadmingui is not enabled by default. • https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')