CVE-2023-32265 (GCVE-0-2023-32265)
Vulnerability from cvelistv5
Published
2023-07-20 13:01
Modified
2024-10-21 13:05
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users’ permissions in the Micro Focus Directory Server also reduce the exposure to this issue. Given the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.
References
Impacted products
Vendor Product Version
Micro Focus Enterprise Server Version: 6.0    6.0 update 24
Version: 7.0    7.0 update 17
Version: 8.0    8.0 update 6
 Create a notification for this product.
   Micro Focus Enterprise Test Server Version: 6.0    6.0 update 24
Version: 7.0    7.0 update 17
Version: 8.0    8.0 update 6
 Create a notification for this product.
   Micro Focus Enterprise Developer Version: 6.0    6.0 update 24
Version: 7.0    7.0 update 17
Version: 8.0    8.0 update 6
 Create a notification for this product.
   Micro Focus Visual COBOL Version: 6.0    6.0 update 24
Version: 7.0    7.0 update 17
Version: 8.0    8.0 update 6
 Create a notification for this product.
   Micro Focus COBOL Server Version: 6.0    6.0 update 24
Version: 7.0    7.0 update 17
Version: 8.0    8.0 update 6
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:10:24.245Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://portal.microfocus.com/s/article/KM000019323?language=en_US"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32265",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-21T13:04:02.427181Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T13:05:58.689Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Enterprise Server",
          "vendor": "Micro Focus",
          "versions": [
            {
              "lessThanOrEqual": "6.0 update 24",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0 update 17",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0 update 6",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Enterprise Test Server",
          "vendor": "Micro Focus",
          "versions": [
            {
              "lessThanOrEqual": "6.0 update 24",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0 update 17",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0 update 6",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Enterprise Developer",
          "vendor": "Micro Focus",
          "versions": [
            {
              "lessThanOrEqual": "6.0 update 24",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0 update 17",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0 update 6",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Visual COBOL",
          "vendor": "Micro Focus",
          "versions": [
            {
              "lessThanOrEqual": "6.0 update 24",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0 update 17",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0 update 6",
              "status": "affected",
              "version": "8.0 ",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "COBOL Server",
          "vendor": "Micro Focus",
          "versions": [
            {
              "lessThanOrEqual": "6.0 update 24",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0 update 17",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0 update 6",
              "status": "affected",
              "version": "8.0 ",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Richard R Rohrkemper III @Early Warning Security "
        }
      ],
      "datePublic": "2023-07-19T13:50:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users\u00e2\u20ac\u2122 permissions in the Micro Focus Directory Server also reduce the exposure to this issue.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eGiven the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nA potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.\nAn attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users\u00e2\u20ac\u2122 permissions in the Micro Focus Directory Server also reduce the exposure to this issue.\n\nGiven the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.\n\n"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Password exposure for service account"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-20T13:01:38.269Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://portal.microfocus.com/s/article/KM000019323?language=en_US"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eEnterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server Versions 6.0, 7.0, and 8.0 all include a fix for this issue in their latest released patch updates.\u003c/span\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nEnterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server Versions 6.0, 7.0, and 8.0 all include a fix for this issue in their latest released patch updates.\n\n\n"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Mitigations and availability of updates relating to security vulnerability in ESCWA component CVE-2023-32265.",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2023-32265",
    "datePublished": "2023-07-20T13:01:38.269Z",
    "dateReserved": "2023-05-05T14:42:20.153Z",
    "dateUpdated": "2024-10-21T13:05:58.689Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-32265\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2023-07-20T14:15:11.193\",\"lastModified\":\"2024-11-21T08:03:00.267\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nA potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.\\nAn attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users\u00e2\u20ac\u2122 permissions in the Micro Focus Directory Server also reduce the exposure to this issue.\\n\\nGiven the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@opentext.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:cobol_server:6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3126671E-BE13-4240-B51F-C6FC9F3BABCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:cobol_server:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD7DBDAA-E0C3-44E7-897F-59ED52990741\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:cobol_server:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2BBD33-F853-494F-98FA-F5436AA6D4B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF035EDF-2882-49C0-BABA-BA74169077CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E523EE6-1949-4890-97AD-6C06062115B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E411AFF-F1FF-4548-B2F0-DC15016FCACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"681ED2CA-D5DE-4828-AD4C-22042927AD56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"B43620BE-A850-4CB8-958E-802744DAE5EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F47D3F3-6779-4501-B53D-A423F325BC7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_test_server:6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F25363C5-6E2E-4A96-A6C7-4111ECCDC452\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_test_server:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADC1491E-5BCB-4FB2-864E-3246C5F2ABEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_test_server:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"08FD4630-9410-4335-9F07-A05D92CAB9B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:visual_cobol:6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A60B87CD-A7FC-4761-A2F3-702EDE8AFA2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:visual_cobol:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3440F8D5-194F-4592-A847-859353250DC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:visual_cobol:8.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"512DEAD9-6ABF-42FC-AD28-6F1BD039B8D9\"}]}]}],\"references\":[{\"url\":\"https://portal.microfocus.com/s/article/KM000019323?language=en_US\",\"source\":\"security@opentext.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://portal.microfocus.com/s/article/KM000019323?language=en_US\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://portal.microfocus.com/s/article/KM000019323?language=en_US\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:10:24.245Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-32265\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-21T13:04:02.427181Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-21T13:05:51.597Z\"}}], \"cna\": {\"title\": \"Mitigations and availability of updates relating to security vulnerability in ESCWA component CVE-2023-32265.\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Richard R Rohrkemper III @Early Warning Security \"}], \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Password exposure for service account\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Micro Focus\", \"product\": \"Enterprise Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0 update 24\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0 update 17\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.0 update 6\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Micro Focus\", \"product\": \"Enterprise Test Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0 update 24\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0 update 17\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.0 update 6\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Micro Focus\", \"product\": \"Enterprise Developer\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0 update 24\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0 update 17\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.0 update 6\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Micro Focus\", \"product\": \"Visual COBOL\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0 update 24\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0 update 17\"}, {\"status\": \"affected\", \"version\": \"8.0 \", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.0 update 6\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Micro Focus\", \"product\": \"COBOL Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.0 update 24\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"7.0 update 17\"}, {\"status\": \"affected\", \"version\": \"8.0 \", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.0 update 6\"}], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"\\nEnterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server Versions 6.0, 7.0, and 8.0 all include a fix for this issue in their latest released patch updates.\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eEnterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server Versions 6.0, 7.0, and 8.0 all include a fix for this issue in their latest released patch updates.\u003c/span\u003e\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2023-07-19T13:50:00.000Z\", \"references\": [{\"url\": \"https://portal.microfocus.com/s/article/KM000019323?language=en_US\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nA potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.\\nAn attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users\\u00e2\\u20ac\\u2122 permissions in the Micro Focus Directory Server also reduce the exposure to this issue.\\n\\nGiven the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.\u003c/span\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAn attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users\\u00e2\\u20ac\\u2122 permissions in the Micro Focus Directory Server also reduce the exposure to this issue.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eGiven the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.\u003c/span\u003e\\n\\n\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"shortName\": \"OpenText\", \"dateUpdated\": \"2023-07-20T13:01:38.269Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-32265\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-21T13:05:58.689Z\", \"dateReserved\": \"2023-05-05T14:42:20.153Z\", \"assignerOrgId\": \"f81092c5-7f14-476d-80dc-24857f90be84\", \"datePublished\": \"2023-07-20T13:01:38.269Z\", \"assignerShortName\": \"OpenText\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.