Enterprise Server security fix, October 2018
CVE-2018-12469: A NULL pointer dereference vulnerabilty, leading to Denial of Service, was found in MFDS.
MFDS issues apply to Micro Focus Enterprise Developer and Micro Focus Enterprise Server versions 2.3 Update 2 and earlier (including older products), 3.0 before Patch Update 12, and 4.0 before Patch Update 2.
Additional usability issues (not security-sensitive) were encountered with the original fix, so Micro Focus recommends 3.0 Patch Update 13 or later, or 4.0 Patch Update 3 or later.
Update to 3.0 Patch Update 12 or later, 4.0 Patch Update 2 or later, or 5.0 (when released) to fix this issue.
Micro Focus would like to thank Tim Thurlings (https://www.linkedin.com/in/timthurlings/) for notifying us of this issue and working with us to investigate it, under a responsible-disclosure policy.