CVE-2023-32265 (GCVE-0-2023-32265)
Vulnerability from cvelistv5 – Published: 2023-07-20 13:01 – Updated: 2024-10-21 13:05
VLAI?
Summary
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.
An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users’ permissions in the Micro Focus Directory Server also reduce the exposure to this issue.
Given the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.
Severity ?
7.1 (High)
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Micro Focus | Enterprise Server |
Affected:
6.0 , ≤ 6.0 update 24
(semver)
Affected: 7.0 , ≤ 7.0 update 17 (semver) Affected: 8.0 , ≤ 8.0 update 6 (semver) |
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Richard R Rohrkemper III @Early Warning Security
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:10:24.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://portal.microfocus.com/s/article/KM000019323?language=en_US"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32265",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T13:04:02.427181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T13:05:58.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Server",
"vendor": "Micro Focus",
"versions": [
{
"lessThanOrEqual": "6.0 update 24",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0 update 17",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0 update 6",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Test Server",
"vendor": "Micro Focus",
"versions": [
{
"lessThanOrEqual": "6.0 update 24",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0 update 17",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0 update 6",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Developer",
"vendor": "Micro Focus",
"versions": [
{
"lessThanOrEqual": "6.0 update 24",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0 update 17",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0 update 6",
"status": "affected",
"version": "8.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Visual COBOL",
"vendor": "Micro Focus",
"versions": [
{
"lessThanOrEqual": "6.0 update 24",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0 update 17",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0 update 6",
"status": "affected",
"version": "8.0 ",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "COBOL Server",
"vendor": "Micro Focus",
"versions": [
{
"lessThanOrEqual": "6.0 update 24",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0 update 17",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0 update 6",
"status": "affected",
"version": "8.0 ",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Richard R Rohrkemper III @Early Warning Security "
}
],
"datePublic": "2023-07-19T13:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users\u00e2\u20ac\u2122 permissions in the Micro Focus Directory Server also reduce the exposure to this issue.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGiven the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.\u003c/span\u003e\n\n"
}
],
"value": "\nA potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.\nAn attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users\u00e2\u20ac\u2122 permissions in the Micro Focus Directory Server also reduce the exposure to this issue.\n\nGiven the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.\n\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Password exposure for service account"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-20T13:01:38.269Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000019323?language=en_US"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEnterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server Versions 6.0, 7.0, and 8.0 all include a fix for this issue in their latest released patch updates.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "\nEnterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server Versions 6.0, 7.0, and 8.0 all include a fix for this issue in their latest released patch updates.\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mitigations and availability of updates relating to security vulnerability in ESCWA component CVE-2023-32265.",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2023-32265",
"datePublished": "2023-07-20T13:01:38.269Z",
"dateReserved": "2023-05-05T14:42:20.153Z",
"dateUpdated": "2024-10-21T13:05:58.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:cobol_server:6.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"3126671E-BE13-4240-B51F-C6FC9F3BABCE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:cobol_server:7.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD7DBDAA-E0C3-44E7-897F-59ED52990741\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:cobol_server:8.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A2BBD33-F853-494F-98FA-F5436AA6D4B0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:enterprise_developer:6.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF035EDF-2882-49C0-BABA-BA74169077CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:enterprise_developer:7.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E523EE6-1949-4890-97AD-6C06062115B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:enterprise_developer:8.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"2E411AFF-F1FF-4548-B2F0-DC15016FCACF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:enterprise_server:6.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"681ED2CA-D5DE-4828-AD4C-22042927AD56\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:enterprise_server:7.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"B43620BE-A850-4CB8-958E-802744DAE5EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:enterprise_server:8.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F47D3F3-6779-4501-B53D-A423F325BC7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:enterprise_test_server:6.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"F25363C5-6E2E-4A96-A6C7-4111ECCDC452\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:enterprise_test_server:7.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADC1491E-5BCB-4FB2-864E-3246C5F2ABEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:enterprise_test_server:8.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"08FD4630-9410-4335-9F07-A05D92CAB9B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:visual_cobol:6.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A60B87CD-A7FC-4761-A2F3-702EDE8AFA2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:visual_cobol:7.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"3440F8D5-194F-4592-A847-859353250DC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microfocus:visual_cobol:8.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"512DEAD9-6ABF-42FC-AD28-6F1BD039B8D9\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"\\nA potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.\\nAn attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users\\u00e2\\u20ac\\u2122 permissions in the Micro Focus Directory Server also reduce the exposure to this issue.\\n\\nGiven the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.\\n\\n\"}]",
"id": "CVE-2023-32265",
"lastModified": "2024-11-21T08:03:00.267",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@opentext.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}]}",
"published": "2023-07-20T14:15:11.193",
"references": "[{\"url\": \"https://portal.microfocus.com/s/article/KM000019323?language=en_US\", \"source\": \"security@opentext.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://portal.microfocus.com/s/article/KM000019323?language=en_US\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-32265\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2023-07-20T14:15:11.193\",\"lastModified\":\"2024-11-21T08:03:00.267\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nA potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.\\nAn attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users\u00e2\u20ac\u2122 permissions in the Micro Focus Directory Server also reduce the exposure to this issue.\\n\\nGiven the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:cobol_server:6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3126671E-BE13-4240-B51F-C6FC9F3BABCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:cobol_server:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD7DBDAA-E0C3-44E7-897F-59ED52990741\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:cobol_server:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2BBD33-F853-494F-98FA-F5436AA6D4B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF035EDF-2882-49C0-BABA-BA74169077CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E523EE6-1949-4890-97AD-6C06062115B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E411AFF-F1FF-4548-B2F0-DC15016FCACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"681ED2CA-D5DE-4828-AD4C-22042927AD56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B43620BE-A850-4CB8-958E-802744DAE5EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F47D3F3-6779-4501-B53D-A423F325BC7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_test_server:6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F25363C5-6E2E-4A96-A6C7-4111ECCDC452\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_test_server:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADC1491E-5BCB-4FB2-864E-3246C5F2ABEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_test_server:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"08FD4630-9410-4335-9F07-A05D92CAB9B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:visual_cobol:6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A60B87CD-A7FC-4761-A2F3-702EDE8AFA2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:visual_cobol:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3440F8D5-194F-4592-A847-859353250DC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:visual_cobol:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"512DEAD9-6ABF-42FC-AD28-6F1BD039B8D9\"}]}]}],\"references\":[{\"url\":\"https://portal.microfocus.com/s/article/KM000019323?language=en_US\",\"source\":\"security@opentext.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://portal.microfocus.com/s/article/KM000019323?language=en_US\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://portal.microfocus.com/s/article/KM000019323?language=en_US\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:10:24.245Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-32265\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-21T13:04:02.427181Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-21T13:05:51.597Z\"}}], \"cna\": {\"title\": \"Mitigations and availability of updates relating to security vulnerability in ESCWA component CVE-2023-32265.\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Richard R Rohrkemper III @Early Warning Security \"}], \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Password exposure for service account\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Micro Focus\", \"product\": \"Enterprise Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0 update 24\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0 update 17\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.0 update 6\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Micro Focus\", \"product\": \"Enterprise Test Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0 update 24\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0 update 17\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.0 update 6\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Micro Focus\", \"product\": \"Enterprise Developer\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0 update 24\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0 update 17\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.0 update 6\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Micro Focus\", \"product\": \"Visual COBOL\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0 update 24\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0 update 17\"}, {\"status\": \"affected\", \"version\": \"8.0 \", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.0 update 6\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Micro Focus\", \"product\": \"COBOL Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0 update 24\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0 update 17\"}, {\"status\": \"affected\", \"version\": \"8.0 \", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.0 update 6\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"\\nEnterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server Versions 6.0, 7.0, and 8.0 all include a fix for this issue in their latest released patch updates.\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eEnterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server Versions 6.0, 7.0, and 8.0 all include a fix for this issue in their latest released patch updates.\u003c/span\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2023-07-19T13:50:00.000Z\", \"references\": [{\"url\": \"https://portal.microfocus.com/s/article/KM000019323?language=en_US\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nA potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.\\nAn attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users\\u00e2\\u20ac\\u2122 permissions in the Micro Focus Directory Server also reduce the exposure to this issue.\\n\\nGiven the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAn attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users\\u00e2\\u20ac\\u2122 permissions in the Micro Focus Directory Server also reduce the exposure to this issue.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eGiven the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.\u003c/span\u003e\\n\\n\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"shortName\": \"OpenText\", \"dateUpdated\": \"2023-07-20T13:01:38.269Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-32265\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-21T13:05:58.689Z\", \"dateReserved\": \"2023-05-05T14:42:20.153Z\", \"assignerOrgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"datePublished\": \"2023-07-20T13:01:38.269Z\", \"assignerShortName\": \"OpenText\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…