Null Pointer Dereference in Micro Focus Enterprise Server Administration Web UI
CVE-2018-12469

7.5HIGH

Key Information:

Vendor: Micro Focus
Status: Micro Focus Enterprise Developer, Micro Focus Enterprise Server
Vendor: CVE Published:; 12 October 2018

🔔 Create Micro Focus Vulnerability Alert

What is CVE-2018-12469?

The Directory Server, part of the Micro Focus Enterprise Developer and Enterprise Server offerings, has a vulnerability that arises from improper handling of invalid HTTP request parameters. This flaw can lead to a null pointer dereference, causing the process to terminate unexpectedly. As a result, this vulnerability can trigger denial of service conditions, ultimately affecting the availability of the service for users. It is crucial for organizations utilizing these products to patch their systems promptly to mitigate the risks associated with this vulnerability.

Affected Version(s)

Micro Focus Enterprise Developer, Micro Focus Enterprise Server All versions before 3.0 Patch Update 12, 4.0 Patch Update 2, 5.0

References

https://community.microfocus.com/microfocus/mainframe_sol...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 12, 2018
Vulnerability Reserved
Jun 15, 2018