ESMAC Authentication Bypass and Configuration Alteration Vulnerability

ESMAC Authentication Bypass and Configuration Alteration Vulnerability

CVE-2017-7420 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to view and alter configuration information and alter the state of the running product (CWE-275).

Learn more about our Cis Benchmark Audit For Server Software.