7.5
CVE-2018-12469
- EPSS 0.34%
- Published 12.10.2018 13:29:00
- Last modified 21.11.2024 03:45:16
- Source security@opentext.com
- Teams watchlist Login
- Open Login
Incorrect handling of an invalid value for an HTTP request parameter by Directory Server (aka Enterprise Server Administration web UI) in Micro Focus Enterprise Developer and Enterprise Server 2.3 Update 2 and earlier, 3.0 before Patch Update 12, and 4.0 before Patch Update 2 causes a null pointer dereference (CWE-476) and subsequent denial of service due to process termination.
Data is provided by the National Vulnerability Database (NVD)
Microfocus ≫ Enterprise Developer Version <= 2.3
Microfocus ≫ Enterprise Developer Version2.3 Updateupdate1
Microfocus ≫ Enterprise Developer Version2.3 Updateupdate2
Microfocus ≫ Enterprise Developer Version3.0
Microfocus ≫ Enterprise Developer Version4.0
Microfocus ≫ Enterprise Developer Version4.0 Updateupdate1
Microfocus ≫ Enterprise Server Version <= 2.3
Microfocus ≫ Enterprise Server Version2.3 Updateupdate1
Microfocus ≫ Enterprise Server Version2.3 Updateupdate2
Microfocus ≫ Enterprise Server Version3.0
Microfocus ≫ Enterprise Server Version4.0
Microfocus ≫ Enterprise Server Version4.0 Updateupdate1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.534 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.