CVE-2018-12469 vulnerability in Micro Focus Products
Published on October 12, 2018
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2018-12469
stack.watch emails you whenever new vulnerabilities are published in Micro Focus Enterprise Developer or Micro Focus Enterprise Server. Just hit a watch button to start following.
Affected Versions
Micro Focus Enterprise Developer, Micro Focus Enterprise Server Version All versions before 3.0 Patch Update 12, 4.0 Patch Update 2, 5.0 is affected by CVE-2018-12469Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.