Our vBulletin migration is complete.
Welcome vBulletin users! All content and user information from the Micro Focus Forums (vBulletin) site has been migrated to this site. READ MORE.

Enterprise Server security fix, October 2018

Enterprise Server security fix, October 2018

CVE-2018-12469: A NULL pointer dereference vulnerabilty, leading to Denial of Service, was found in MFDS.


MFDS issues apply to Micro Focus Enterprise Developer and Micro Focus Enterprise Server versions 2.3 Update 2 and earlier (including older products), 3.0 before Patch Update 12, and 4.0 before Patch Update 2.

Additional usability issues (not security-sensitive) were encountered with the original fix, so Micro Focus recommends 3.0 Patch Update 13 or later, or 4.0 Patch Update 3 or later.

Update to 3.0 Patch Update 12 or later, 4.0 Patch Update 2 or later, or 5.0 (when released) to fix this issue.


Micro Focus would like to thank Tim Thurlings (https://www.linkedin.com/in/timthurlings/) for notifying us of this issue and working with us to investigate it, under a responsible-disclosure policy.


Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
1 of 1
Last update:
‎2018-10-01 15:29
Updated by:
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.