Micro Focus Open Enterprise Server directory traversal vulnerability CVE-2017-5182.

  • 7018503
  • 20-Jan-2017
  • 20-Jan-2017

Environment

Micro Focus Open Enterprise Server 2 (OES 2) Linux
Micro Focus Open Enterprise Server 11 (OES 11) Linux
Micro Focus Open Enterprise Server 2015 (OES 2015) Linux

Situation

The "Illinois Department of Innovation & Technology, Division of Information Security", has reported a directory traversal vulnerability issue in Remote Manager (NRM) that affects all versions of Open Enterprise Server.

This vulnerability has been given the following identifier : CVE-2017-5182.

Resolution

The reported problem has been fixed with an update to Remote Manager.

- For current versions of OES (being: OES11 SP2, OES11 SP3, OES2015 & OES2015 SP1, the "January 2017 Hot Patch for NRM" is now available in the respective update repositories.
- For OES2 SP3 customers, "January 2017 OES2 SP3 Hot Patch for NRM" has been made available as separate download here.
- For other older unsupported versions of OES, a patch is not available.

Cause

Feedback service temporarily unavailable. For content questions or problems, please contact Support.