CVE-2020-25840 - Vulnerability Details

Vendors	Products
Microfocus	Access Manager

Link	Providers
https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Access Manager.", "vendor": "n/a", "versions": [{"status": "affected", "version": "All version prior version 5.0."}]}], "descriptions": [{"lang": "en", "value": "Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction."}], "problemTypes": [{"descriptions": [{"description": "Cross-Site scripting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-26T13:41:51", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2020-25840", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Access Manager.", "version": {"version_data": [{"version_value": "All version prior version 5.0."}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site scripting"}]}]}, "references": {"reference_data": [{"name": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html", "refsource": "MISC", "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:40:36.945Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2020-25840", "datePublished": "2021-03-26T13:41:51", "dateReserved": "2020-09-23T00:00:00", "dateUpdated": "2024-08-04T15:40:36.945Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Access Manager. (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : All version prior version 5.0. (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Cross-Site scripting (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-03-26T13:41:51 (string)

orgId : f81092c5-7f14-476d-80dc-24857f90be84 (string)

shortName : microfocus (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@microfocus.com (string)

ID : CVE-2020-25840 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Access Manager. (string)

version : { »

version_data : [ »

0 : { »

version_value : All version prior version 5.0. (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Cross-Site scripting (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html (string)

refsource : MISC (string)

url : https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T15:40:36.945Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f81092c5-7f14-476d-80dc-24857f90be84 (string)

assignerShortName : microfocus (string)

cveId : CVE-2020-25840 (string)

datePublished : 2021-03-26T13:41:51 (string)

dateReserved : 2020-09-23T00:00:00 (string)

dateUpdated : 2024-08-04T15:40:36.945Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "B3A53E36-0652-4D66-B500-588777280039", "versionEndExcluding": "5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site scripting en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0.&#xa0;La vulnerabilidad podr\u00eda causar una destrucci\u00f3n de la configuraci\u00f3n."}], "id": "CVE-2020-25840", "lastModified": "2024-11-21T05:18:52.897", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-26T14:15:11.903", "references": [{"source": "security@opentext.com", "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microfocus:access_manager:*:*:*:*:*:*:*:* (string)

matchCriteriaId : B3A53E36-0652-4D66-B500-588777280039 (string)

versionEndExcluding : 5.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de tipo Cross-Site scripting en el producto Micro Focus Access Manager afecta a todas las versiones anteriores a 5.0. La vulnerabilidad podría causar una destrucción de la configuración. (string)

}

]

id : CVE-2020-25840 (string)

lastModified : 2024-11-21T05:18:52.897 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 4.3 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-03-26T14:15:11.903 (string)

references : [ »

0 : { »

source : security@opentext.com (string)

url : https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.microfocus.com/documentation/access-manager/5.0/accessmanager50-release-notes/accessmanager50-release-notes.html (string)

}

]

sourceIdentifier : security@opentext.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object