Microfocus Cobol Server vulnerabilities
2 known vulnerabilities affecting microfocus/cobol_server.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2023-4501P2CRITICALCVSS 9.8v7.0v8.0+1 more2023-09-12
CVE-2023-4501 [CRITICAL] CWE-253 CVE-2023-4501: User authentication with username and password credentials is ineffective in OpenText (Micro Focus)
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication
nvd
CVE-2023-32265P3MEDIUMCVSS 6.5v6.0v7.0+1 more2023-07-20
CVE-2023-32265 [MEDIUM] CVE-2023-32265: A potential security vulnerability has been identified in the Enterprise Server Common Web Administ
A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server.
An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide
nvd