CVE-2020-9523 (GCVE-0-2020-9523)
Vulnerability from cvelistv5
Published
2020-04-17 14:18
Modified
2024-08-04 10:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Insufficiently protected credentials
Summary
Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Enterprise developer and server. |
Version: All version prior to version 4.0 Patch Update 16, and version 5.0 Patch Update 6. |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:34:38.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Enterprise developer and server.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All version prior to version 4.0 Patch Update 16, and version 5.0 Patch Update 6."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account\u0027s security."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insufficiently protected credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-06T16:15:26",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "microfocus"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@microfocus.com",
"ID": "CVE-2020-9523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Enterprise developer and server.",
"version": {
"version_data": [
{
"version_value": "All version prior to version 4.0 Patch Update 16, and version 5.0 Patch Update 6."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account\u0027s security."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficiently protected credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/doc/KM03634936",
"refsource": "MISC",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "microfocus",
"cveId": "CVE-2020-9523",
"datePublished": "2020-04-17T14:18:04",
"dateReserved": "2020-03-01T00:00:00",
"dateUpdated": "2024-08-04T10:34:38.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-9523\",\"sourceIdentifier\":\"security@opentext.com\",\"published\":\"2020-04-17T15:15:12.930\",\"lastModified\":\"2024-11-21T05:40:48.023\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account\u0027s security.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de credenciales insuficientemente protegidas en el desarrollador empresarial y el servidor empresarial de Micro Focus, afectando a todas las versiones anteriores a 4.0 Patch Update 16, y versi\u00f3n 5.0 Patch Update 6. La vulnerabilidad podr\u00eda permitir a un atacante transmitir credenciales del hash para la cuenta de usuario que ejecuta el Micro Focus Directory Server (MFDS) en un sitio arbitrario, comprometiendo la seguridad de esa cuenta.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-522\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0\",\"matchCriteriaId\":\"E0E5CE0D-8971-4D61-A021-395A45B2F0E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"53034D98-15C1-4628-90E8-80A8BA25C800\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C31EF8D8-20FA-4E8D-9C67-AB75680158CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CED357F-3AB5-4DF7-A188-37F7109B7FBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"1943146C-8F5D-4F63-A214-D05CE108FECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFAB29B5-3E61-4EA5-AE37-5C51BC3052AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0AAB00E-42B5-442E-8C33-713C998BC9AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A4D7425-9F68-4CB8-959D-2B2C8927E595\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_15:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FC1F4F3-3B11-44AA-ABA9-EAC09E67F0AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C593ACC-80F0-4027-954C-0887549D019D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4C180E6-A07A-4368-BA88-2686C4AB510A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"687C1DA0-B34A-4975-8C85-00EAF03E3B95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6E07732-FEFE-4E86-AD5A-348316BAA76E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"86BD60D7-34CF-429C-9F46-7039D2A3AD3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"386BFB68-2C89-4093-8A7E-D9A838DA716E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0AF5FFC-A062-42ED-B87F-5AA6915FBA03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:4.0:update_9:*:*:*:*:*:*\",\"matchCriteriaId\":\"C3942E78-61A2-4F70-B32B-C2BE31D9055E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C73BDBE-2719-4020-B953-1580BB78CB0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:5.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F043FB8B-665F-409C-9F81-1CCE6501DBC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:5.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C49FA390-A44E-4285-AC90-9D032122CA45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:5.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"50D1B082-D46F-43F7-A6A4-060517F7433E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:5.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"437BD37E-3C37-4CB3-8B73-0CC48DD4E4BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_developer:5.0:update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B82C43A-9BA9-40A9-8A47-3830733F859B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0\",\"matchCriteriaId\":\"03D9F8A5-244D-4E7E-8F3D-C231A31524EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8F59F96-F1CD-4750-94AE-FF80EAA5C461\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C759BA5-B3DA-4C00-83AF-2E9838406832\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_10:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B293F46-D8FC-45C5-BA6F-0F0CDA9E477B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_11:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF915FCA-6C3C-420C-9DBD-71E228B104ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_12:*:*:*:*:*:*\",\"matchCriteriaId\":\"47EE9813-D518-4DDE-9891-39EF5DCF0D15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_13:*:*:*:*:*:*\",\"matchCriteriaId\":\"700A39E4-F051-4CD4-A886-AB09439A1D94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_14:*:*:*:*:*:*\",\"matchCriteriaId\":\"F52B5A62-B389-43E3-A379-3F1EFC3CE8AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_15:*:*:*:*:*:*\",\"matchCriteriaId\":\"63E64A7C-97CF-49CA-A6FB-3F8A9C456B6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD78A09A-3CAF-4D5E-9F48-E7C5F3EA2F19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0510269B-B6EF-418A-9D6A-5F18202177C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"312625BF-6401-415B-A46B-36DF592749C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"28628C62-DFE7-4719-82DB-492BF896556A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_6:*:*:*:*:*:*\",\"matchCriteriaId\":\"F83018A3-B5CA-4230-9AB2-EE5B86C54D0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_7:*:*:*:*:*:*\",\"matchCriteriaId\":\"6402FBE2-4609-4904-95F5-90B76BEA9F94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_8:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0086334-B0FE-484B-AC62-E89443717504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:4.0:update_9:*:*:*:*:*:*\",\"matchCriteriaId\":\"8986C163-FAED-4EED-B6CD-778FE7C35F95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:5.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"600A95A6-A1F6-45F1-8856-FB1968E084ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:5.0:update_1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C465513C-3EBF-4B1B-A6D6-CA4308155D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:5.0:update_2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3176F896-BFCC-4E7A-AFAC-65A6F5BED2CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:5.0:update_3:*:*:*:*:*:*\",\"matchCriteriaId\":\"26509099-64D1-4776-8EB8-4C7EC30858AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:5.0:update_4:*:*:*:*:*:*\",\"matchCriteriaId\":\"9102EDA5-05B1-4D8A-91FE-AEB18D1A568C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microfocus:enterprise_server:5.0:update_5:*:*:*:*:*:*\",\"matchCriteriaId\":\"F82BD2CA-1068-41C5-B02D-C44B3F756D00\"}]}]}],\"references\":[{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03634936\",\"source\":\"security@opentext.com\"},{\"url\":\"https://softwaresupport.softwaregrp.com/doc/KM03634936\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…