Mitigations and availability of updates relating to security vulnerability in ESCWA component CVE-2023-32265.
CVE-2023-32265

7.1HIGH

Key Information:

Vendor: Micro Focus
Status: Enterprise Server; Enterprise Test Server; Enterprise Developer; Visual Cobol
Vendor: CVE Published:; 20 July 2023

🔔 Create Micro Focus Vulnerability Alert

What is CVE-2023-32265?

A security vulnerability exists within the Enterprise Server Common Web Administration (ESCWA) component utilized in various Micro Focus products. Exploitation requires authenticated access to ESCWA, giving an attacker the potential to compromise sensitive information, specifically a service account password. Although the affected account typically possesses limited privileges, it can still be leveraged to extract details from other user accounts. To mitigate this vulnerability, it is advised to restrict network access to ESCWA and carefully manage user permissions within the Micro Focus Directory Server.

Affected Version(s)

COBOL Server 6.0 <= 6.0 update 24

COBOL Server 7.0 <= 7.0 update 17

COBOL Server 8.0 <= 8.0 update 6

References

https://portal.microfocus.com/s/article/KM000019323?langu...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2023
Vulnerability Reserved
May 5, 2023

Credit

Richard R Rohrkemper III @Early Warning Security