CVE-2023-32265
Published: Jul 20, 2023
Modified: Oct 21, 2024
CVSS v3.1
7.1
Description
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users’ permissions in the Micro Focus Directory Server also reduce the exposure to this issue. Given the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.
| Vendor | Product | Versions |
|---|---|---|
Micro Focus | Enterprise Server | affected 6.0 - <= 6.0 update 24affected 7.0 - <= 7.0 update 17affected 8.0 - <= 8.0 update 6 |
Micro Focus | Enterprise Test Server | affected 6.0 - <= 6.0 update 24affected 7.0 - <= 7.0 update 17affected 8.0 - <= 8.0 update 6 |
Micro Focus | Enterprise Developer | affected 6.0 - <= 6.0 update 24affected 7.0 - <= 7.0 update 17affected 8.0 - <= 8.0 update 6 |
Micro Focus | Visual COBOL | affected 6.0 - <= 6.0 update 24affected 7.0 - <= 7.0 update 17affected 8.0 - <= 8.0 update 6 |
Micro Focus | COBOL Server | affected 6.0 - <= 6.0 update 24affected 7.0 - <= 7.0 update 17affected 8.0 - <= 8.0 update 6 |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now