FKIE_CVE-2020-9523
Vulnerability from fkie_nvd - Published: 2020-04-17 15:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E5CE0D-8971-4D61-A021-395A45B2F0E4",
"versionEndIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "53034D98-15C1-4628-90E8-80A8BA25C800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "C31EF8D8-20FA-4E8D-9C67-AB75680158CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_10:*:*:*:*:*:*",
"matchCriteriaId": "6CED357F-3AB5-4DF7-A188-37F7109B7FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_11:*:*:*:*:*:*",
"matchCriteriaId": "1943146C-8F5D-4F63-A214-D05CE108FECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_12:*:*:*:*:*:*",
"matchCriteriaId": "DFAB29B5-3E61-4EA5-AE37-5C51BC3052AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_13:*:*:*:*:*:*",
"matchCriteriaId": "E0AAB00E-42B5-442E-8C33-713C998BC9AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_14:*:*:*:*:*:*",
"matchCriteriaId": "1A4D7425-9F68-4CB8-959D-2B2C8927E595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_15:*:*:*:*:*:*",
"matchCriteriaId": "1FC1F4F3-3B11-44AA-ABA9-EAC09E67F0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "0C593ACC-80F0-4027-954C-0887549D019D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "C4C180E6-A07A-4368-BA88-2686C4AB510A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "687C1DA0-B34A-4975-8C85-00EAF03E3B95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_5:*:*:*:*:*:*",
"matchCriteriaId": "C6E07732-FEFE-4E86-AD5A-348316BAA76E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_6:*:*:*:*:*:*",
"matchCriteriaId": "86BD60D7-34CF-429C-9F46-7039D2A3AD3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_7:*:*:*:*:*:*",
"matchCriteriaId": "386BFB68-2C89-4093-8A7E-D9A838DA716E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_8:*:*:*:*:*:*",
"matchCriteriaId": "A0AF5FFC-A062-42ED-B87F-5AA6915FBA03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_9:*:*:*:*:*:*",
"matchCriteriaId": "C3942E78-61A2-4F70-B32B-C2BE31D9055E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3C73BDBE-2719-4020-B953-1580BB78CB0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "F043FB8B-665F-409C-9F81-1CCE6501DBC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "C49FA390-A44E-4285-AC90-9D032122CA45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "50D1B082-D46F-43F7-A6A4-060517F7433E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "437BD37E-3C37-4CB3-8B73-0CC48DD4E4BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_5:*:*:*:*:*:*",
"matchCriteriaId": "7B82C43A-9BA9-40A9-8A47-3830733F859B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03D9F8A5-244D-4E7E-8F3D-C231A31524EC",
"versionEndIncluding": "3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E8F59F96-F1CD-4750-94AE-FF80EAA5C461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "2C759BA5-B3DA-4C00-83AF-2E9838406832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_10:*:*:*:*:*:*",
"matchCriteriaId": "4B293F46-D8FC-45C5-BA6F-0F0CDA9E477B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_11:*:*:*:*:*:*",
"matchCriteriaId": "DF915FCA-6C3C-420C-9DBD-71E228B104ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_12:*:*:*:*:*:*",
"matchCriteriaId": "47EE9813-D518-4DDE-9891-39EF5DCF0D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_13:*:*:*:*:*:*",
"matchCriteriaId": "700A39E4-F051-4CD4-A886-AB09439A1D94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_14:*:*:*:*:*:*",
"matchCriteriaId": "F52B5A62-B389-43E3-A379-3F1EFC3CE8AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_15:*:*:*:*:*:*",
"matchCriteriaId": "63E64A7C-97CF-49CA-A6FB-3F8A9C456B6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "BD78A09A-3CAF-4D5E-9F48-E7C5F3EA2F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "0510269B-B6EF-418A-9D6A-5F18202177C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "312625BF-6401-415B-A46B-36DF592749C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_5:*:*:*:*:*:*",
"matchCriteriaId": "28628C62-DFE7-4719-82DB-492BF896556A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_6:*:*:*:*:*:*",
"matchCriteriaId": "F83018A3-B5CA-4230-9AB2-EE5B86C54D0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_7:*:*:*:*:*:*",
"matchCriteriaId": "6402FBE2-4609-4904-95F5-90B76BEA9F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_8:*:*:*:*:*:*",
"matchCriteriaId": "F0086334-B0FE-484B-AC62-E89443717504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_9:*:*:*:*:*:*",
"matchCriteriaId": "8986C163-FAED-4EED-B6CD-778FE7C35F95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "600A95A6-A1F6-45F1-8856-FB1968E084ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "C465513C-3EBF-4B1B-A6D6-CA4308155D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "3176F896-BFCC-4E7A-AFAC-65A6F5BED2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "26509099-64D1-4776-8EB8-4C7EC30858AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_4:*:*:*:*:*:*",
"matchCriteriaId": "9102EDA5-05B1-4D8A-91FE-AEB18D1A568C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_5:*:*:*:*:*:*",
"matchCriteriaId": "F82BD2CA-1068-41C5-B02D-C44B3F756D00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account\u0027s security."
},
{
"lang": "es",
"value": "Una vulnerabilidad de credenciales insuficientemente protegidas en el desarrollador empresarial y el servidor empresarial de Micro Focus, afectando a todas las versiones anteriores a 4.0 Patch Update 16, y versi\u00f3n 5.0 Patch Update 6. La vulnerabilidad podr\u00eda permitir a un atacante transmitir credenciales del hash para la cuenta de usuario que ejecuta el Micro Focus Directory Server (MFDS) en un sitio arbitrario, comprometiendo la seguridad de esa cuenta."
}
],
"id": "CVE-2020-9523",
"lastModified": "2024-11-21T05:40:48.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-17T15:15:12.930",
"references": [
{
"source": "security@opentext.com",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"
}
],
"sourceIdentifier": "security@opentext.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…