CVE-2017-7424 is a vulnerability in Micro Focus Enterprise Developer
Published on August 21, 2017
A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default.
Weakness Type
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2017-7424 has been classified to as a Directory traversal vulnerability or weakness.
Products Associated with CVE-2017-7424
Want to know whenever a new CVE is published for Micro Focus Enterprise Developer? stack.watch will email you.
Affected Versions
Micro Focus Enterprise Developer, Micro Focus Enterprise Server Version All versions before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9 is affected by CVE-2017-7424Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.