Path Traversal Vulnerability in Micro Focus Enterprise Developer and Enterprise Server (CWE-22)

Path Traversal Vulnerability in Micro Focus Enterprise Developer and Enterprise Server (CWE-22)

CVE-2017-7424 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default.

Learn more about our Cis Benchmark Audit For Server Software.