8.8
CVE-2020-9523
- EPSS 0.29%
- Published 17.04.2020 15:15:12
- Last modified 21.11.2024 05:40:48
- Source security@opentext.com
Insufficiently protected credentials vulnerability in Micro Focus Enterprise Developer and Enterprise Server, affecting all versions prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.
Data is provided by the National Vulnerability Database (NVD)
Microfocus ≫ Enterprise Developer Version <= 3.0
Microfocus ≫ Enterprise Developer Version 4.0 Update -
Microfocus ≫ Enterprise Developer Version 4.0 Update update_1
Microfocus ≫ Enterprise Developer Version 4.0 Update update_10
Microfocus ≫ Enterprise Developer Version 4.0 Update update_11
Microfocus ≫ Enterprise Developer Version 4.0 Update update_12
Microfocus ≫ Enterprise Developer Version 4.0 Update update_13
Microfocus ≫ Enterprise Developer Version 4.0 Update update_14
Microfocus ≫ Enterprise Developer Version 4.0 Update update_15
Microfocus ≫ Enterprise Developer Version 4.0 Update update_2
Microfocus ≫ Enterprise Developer Version 4.0 Update update_3
Microfocus ≫ Enterprise Developer Version 4.0 Update update_4
Microfocus ≫ Enterprise Developer Version 4.0 Update update_5
Microfocus ≫ Enterprise Developer Version 4.0 Update update_6
Microfocus ≫ Enterprise Developer Version 4.0 Update update_7
Microfocus ≫ Enterprise Developer Version 4.0 Update update_8
Microfocus ≫ Enterprise Developer Version 4.0 Update update_9
Microfocus ≫ Enterprise Developer Version 5.0 Update -
Microfocus ≫ Enterprise Developer Version 5.0 Update update_1
Microfocus ≫ Enterprise Developer Version 5.0 Update update_2
Microfocus ≫ Enterprise Developer Version 5.0 Update update_3
Microfocus ≫ Enterprise Developer Version 5.0 Update update_4
Microfocus ≫ Enterprise Developer Version 5.0 Update update_5
Microfocus ≫ Enterprise Server Version <= 3.0
Microfocus ≫ Enterprise Server Version 4.0 Update -
Microfocus ≫ Enterprise Server Version 4.0 Update update_1
Microfocus ≫ Enterprise Server Version 4.0 Update update_10
Microfocus ≫ Enterprise Server Version 4.0 Update update_11
Microfocus ≫ Enterprise Server Version 4.0 Update update_12
Microfocus ≫ Enterprise Server Version 4.0 Update update_13
Microfocus ≫ Enterprise Server Version 4.0 Update update_14
Microfocus ≫ Enterprise Server Version 4.0 Update update_15
Microfocus ≫ Enterprise Server Version 4.0 Update update_2
Microfocus ≫ Enterprise Server Version 4.0 Update update_3
Microfocus ≫ Enterprise Server Version 4.0 Update update_4
Microfocus ≫ Enterprise Server Version 4.0 Update update_5
Microfocus ≫ Enterprise Server Version 4.0 Update update_6
Microfocus ≫ Enterprise Server Version 4.0 Update update_7
Microfocus ≫ Enterprise Server Version 4.0 Update update_8
Microfocus ≫ Enterprise Server Version 4.0 Update update_9
Microfocus ≫ Enterprise Server Version 5.0 Update -
Microfocus ≫ Enterprise Server Version 5.0 Update update_1
Microfocus ≫ Enterprise Server Version 5.0 Update update_2
Microfocus ≫ Enterprise Server Version 5.0 Update update_3
Microfocus ≫ Enterprise Server Version 5.0 Update update_4
Microfocus ≫ Enterprise Server Version 5.0 Update update_5
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.29% | 0.519 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
nvd@nist.gov | 6.5 | 8 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.