CVE-2020-9523 - Vulnerability Details

Vendors	Products
Microfocus	Enterprise Developer Enterprise Server

Link	Providers
https://softwaresupport.softwaregrp.com/doc/KM03634936

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Enterprise developer and server.", "vendor": "n/a", "versions": [{"status": "affected", "version": "All version prior to version 4.0 Patch Update 16, and version 5.0 Patch Update 6."}]}], "descriptions": [{"lang": "en", "value": "Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security."}], "problemTypes": [{"descriptions": [{"description": "Insufficiently protected credentials", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:26", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2020-9523", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Enterprise developer and server.", "version": {"version_data": [{"version_value": "All version prior to version 4.0 Patch Update 16, and version 5.0 Patch Update 6."}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficiently protected credentials"}]}]}, "references": {"reference_data": [{"name": "https://softwaresupport.softwaregrp.com/doc/KM03634936", "refsource": "MISC", "url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:34:38.203Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2020-9523", "datePublished": "2020-04-17T14:18:04", "dateReserved": "2020-03-01T00:00:00", "dateUpdated": "2024-08-04T10:34:38.203Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Enterprise developer and server. (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : All version prior to version 4.0 Patch Update 16, and version 5.0 Patch Update 6. (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Insufficiently protected credentials (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-01-06T16:15:26 (string)

orgId : f81092c5-7f14-476d-80dc-24857f90be84 (string)

shortName : microfocus (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://softwaresupport.softwaregrp.com/doc/KM03634936 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@microfocus.com (string)

ID : CVE-2020-9523 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Enterprise developer and server. (string)

version : { »

version_data : [ »

0 : { »

version_value : All version prior to version 4.0 Patch Update 16, and version 5.0 Patch Update 6. (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Insufficiently protected credentials (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://softwaresupport.softwaregrp.com/doc/KM03634936 (string)

refsource : MISC (string)

url : https://softwaresupport.softwaregrp.com/doc/KM03634936 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T10:34:38.203Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://softwaresupport.softwaregrp.com/doc/KM03634936 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : f81092c5-7f14-476d-80dc-24857f90be84 (string)

assignerShortName : microfocus (string)

cveId : CVE-2020-9523 (string)

datePublished : 2020-04-17T14:18:04 (string)

dateReserved : 2020-03-01T00:00:00 (string)

dateUpdated : 2024-08-04T10:34:38.203Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:enterprise_developer:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0E5CE0D-8971-4D61-A021-395A45B2F0E4", "versionEndIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:-:*:*:*:*:*:*", "matchCriteriaId": "53034D98-15C1-4628-90E8-80A8BA25C800", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "C31EF8D8-20FA-4E8D-9C67-AB75680158CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_10:*:*:*:*:*:*", "matchCriteriaId": "6CED357F-3AB5-4DF7-A188-37F7109B7FBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_11:*:*:*:*:*:*", "matchCriteriaId": "1943146C-8F5D-4F63-A214-D05CE108FECC", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_12:*:*:*:*:*:*", "matchCriteriaId": "DFAB29B5-3E61-4EA5-AE37-5C51BC3052AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_13:*:*:*:*:*:*", "matchCriteriaId": "E0AAB00E-42B5-442E-8C33-713C998BC9AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_14:*:*:*:*:*:*", "matchCriteriaId": "1A4D7425-9F68-4CB8-959D-2B2C8927E595", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_15:*:*:*:*:*:*", "matchCriteriaId": "1FC1F4F3-3B11-44AA-ABA9-EAC09E67F0AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "0C593ACC-80F0-4027-954C-0887549D019D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "C4C180E6-A07A-4368-BA88-2686C4AB510A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "687C1DA0-B34A-4975-8C85-00EAF03E3B95", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "C6E07732-FEFE-4E86-AD5A-348316BAA76E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_6:*:*:*:*:*:*", "matchCriteriaId": "86BD60D7-34CF-429C-9F46-7039D2A3AD3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_7:*:*:*:*:*:*", "matchCriteriaId": "386BFB68-2C89-4093-8A7E-D9A838DA716E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_8:*:*:*:*:*:*", "matchCriteriaId": "A0AF5FFC-A062-42ED-B87F-5AA6915FBA03", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_9:*:*:*:*:*:*", "matchCriteriaId": "C3942E78-61A2-4F70-B32B-C2BE31D9055E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:-:*:*:*:*:*:*", "matchCriteriaId": "3C73BDBE-2719-4020-B953-1580BB78CB0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "F043FB8B-665F-409C-9F81-1CCE6501DBC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "C49FA390-A44E-4285-AC90-9D032122CA45", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "50D1B082-D46F-43F7-A6A4-060517F7433E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "437BD37E-3C37-4CB3-8B73-0CC48DD4E4BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "7B82C43A-9BA9-40A9-8A47-3830733F859B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "03D9F8A5-244D-4E7E-8F3D-C231A31524EC", "versionEndIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:-:*:*:*:*:*:*", "matchCriteriaId": "E8F59F96-F1CD-4750-94AE-FF80EAA5C461", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "2C759BA5-B3DA-4C00-83AF-2E9838406832", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_10:*:*:*:*:*:*", "matchCriteriaId": "4B293F46-D8FC-45C5-BA6F-0F0CDA9E477B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_11:*:*:*:*:*:*", "matchCriteriaId": "DF915FCA-6C3C-420C-9DBD-71E228B104ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_12:*:*:*:*:*:*", "matchCriteriaId": "47EE9813-D518-4DDE-9891-39EF5DCF0D15", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_13:*:*:*:*:*:*", "matchCriteriaId": "700A39E4-F051-4CD4-A886-AB09439A1D94", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_14:*:*:*:*:*:*", "matchCriteriaId": "F52B5A62-B389-43E3-A379-3F1EFC3CE8AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_15:*:*:*:*:*:*", "matchCriteriaId": "63E64A7C-97CF-49CA-A6FB-3F8A9C456B6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "BD78A09A-3CAF-4D5E-9F48-E7C5F3EA2F19", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "0510269B-B6EF-418A-9D6A-5F18202177C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "312625BF-6401-415B-A46B-36DF592749C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "28628C62-DFE7-4719-82DB-492BF896556A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_6:*:*:*:*:*:*", "matchCriteriaId": "F83018A3-B5CA-4230-9AB2-EE5B86C54D0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_7:*:*:*:*:*:*", "matchCriteriaId": "6402FBE2-4609-4904-95F5-90B76BEA9F94", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_8:*:*:*:*:*:*", "matchCriteriaId": "F0086334-B0FE-484B-AC62-E89443717504", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_9:*:*:*:*:*:*", "matchCriteriaId": "8986C163-FAED-4EED-B6CD-778FE7C35F95", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:-:*:*:*:*:*:*", "matchCriteriaId": "600A95A6-A1F6-45F1-8856-FB1968E084ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "C465513C-3EBF-4B1B-A6D6-CA4308155D55", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "3176F896-BFCC-4E7A-AFAC-65A6F5BED2CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "26509099-64D1-4776-8EB8-4C7EC30858AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "9102EDA5-05B1-4D8A-91FE-AEB18D1A568C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "F82BD2CA-1068-41C5-B02D-C44B3F756D00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security."}, {"lang": "es", "value": "Una vulnerabilidad de credenciales insuficientemente protegidas en el desarrollador empresarial y el servidor empresarial de Micro Focus, afectando a todas las versiones anteriores a 4.0 Patch Update 16, y versi\u00f3n 5.0 Patch Update 6. La vulnerabilidad podr\u00eda permitir a un atacante transmitir credenciales del hash para la cuenta de usuario que ejecuta el Micro Focus Directory Server (MFDS) en un sitio arbitrario, comprometiendo la seguridad de esa cuenta."}], "id": "CVE-2020-9523", "lastModified": "2024-11-21T05:40:48.023", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-17T15:15:12.930", "references": [{"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:*:*:*:*:*:*:*:* (string)

matchCriteriaId : E0E5CE0D-8971-4D61-A021-395A45B2F0E4 (string)

versionEndIncluding : 3.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 53034D98-15C1-4628-90E8-80A8BA25C800 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_1:*:*:*:*:*:* (string)

matchCriteriaId : C31EF8D8-20FA-4E8D-9C67-AB75680158CA (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_10:*:*:*:*:*:* (string)

matchCriteriaId : 6CED357F-3AB5-4DF7-A188-37F7109B7FBA (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_11:*:*:*:*:*:* (string)

matchCriteriaId : 1943146C-8F5D-4F63-A214-D05CE108FECC (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_12:*:*:*:*:*:* (string)

matchCriteriaId : DFAB29B5-3E61-4EA5-AE37-5C51BC3052AF (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_13:*:*:*:*:*:* (string)

matchCriteriaId : E0AAB00E-42B5-442E-8C33-713C998BC9AA (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_14:*:*:*:*:*:* (string)

matchCriteriaId : 1A4D7425-9F68-4CB8-959D-2B2C8927E595 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_15:*:*:*:*:*:* (string)

matchCriteriaId : 1FC1F4F3-3B11-44AA-ABA9-EAC09E67F0AE (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_2:*:*:*:*:*:* (string)

matchCriteriaId : 0C593ACC-80F0-4027-954C-0887549D019D (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_3:*:*:*:*:*:* (string)

matchCriteriaId : C4C180E6-A07A-4368-BA88-2686C4AB510A (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_4:*:*:*:*:*:* (string)

matchCriteriaId : 687C1DA0-B34A-4975-8C85-00EAF03E3B95 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_5:*:*:*:*:*:* (string)

matchCriteriaId : C6E07732-FEFE-4E86-AD5A-348316BAA76E (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_6:*:*:*:*:*:* (string)

matchCriteriaId : 86BD60D7-34CF-429C-9F46-7039D2A3AD3F (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_7:*:*:*:*:*:* (string)

matchCriteriaId : 386BFB68-2C89-4093-8A7E-D9A838DA716E (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_8:*:*:*:*:*:* (string)

matchCriteriaId : A0AF5FFC-A062-42ED-B87F-5AA6915FBA03 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:4.0:update_9:*:*:*:*:*:* (string)

matchCriteriaId : C3942E78-61A2-4F70-B32B-C2BE31D9055E (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:5.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 3C73BDBE-2719-4020-B953-1580BB78CB0A (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:5.0:update_1:*:*:*:*:*:* (string)

matchCriteriaId : F043FB8B-665F-409C-9F81-1CCE6501DBC8 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:5.0:update_2:*:*:*:*:*:* (string)

matchCriteriaId : C49FA390-A44E-4285-AC90-9D032122CA45 (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:5.0:update_3:*:*:*:*:*:* (string)

matchCriteriaId : 50D1B082-D46F-43F7-A6A4-060517F7433E (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:5.0:update_4:*:*:*:*:*:* (string)

matchCriteriaId : 437BD37E-3C37-4CB3-8B73-0CC48DD4E4BB (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:microfocus:enterprise_developer:5.0:update_5:*:*:*:*:*:* (string)

matchCriteriaId : 7B82C43A-9BA9-40A9-8A47-3830733F859B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 03D9F8A5-244D-4E7E-8F3D-C231A31524EC (string)

versionEndIncluding : 3.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:-:*:*:*:*:*:* (string)

matchCriteriaId : E8F59F96-F1CD-4750-94AE-FF80EAA5C461 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_1:*:*:*:*:*:* (string)

matchCriteriaId : 2C759BA5-B3DA-4C00-83AF-2E9838406832 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_10:*:*:*:*:*:* (string)

matchCriteriaId : 4B293F46-D8FC-45C5-BA6F-0F0CDA9E477B (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_11:*:*:*:*:*:* (string)

matchCriteriaId : DF915FCA-6C3C-420C-9DBD-71E228B104ED (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_12:*:*:*:*:*:* (string)

matchCriteriaId : 47EE9813-D518-4DDE-9891-39EF5DCF0D15 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_13:*:*:*:*:*:* (string)

matchCriteriaId : 700A39E4-F051-4CD4-A886-AB09439A1D94 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_14:*:*:*:*:*:* (string)

matchCriteriaId : F52B5A62-B389-43E3-A379-3F1EFC3CE8AA (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_15:*:*:*:*:*:* (string)

matchCriteriaId : 63E64A7C-97CF-49CA-A6FB-3F8A9C456B6B (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_2:*:*:*:*:*:* (string)

matchCriteriaId : BD78A09A-3CAF-4D5E-9F48-E7C5F3EA2F19 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_3:*:*:*:*:*:* (string)

matchCriteriaId : 0510269B-B6EF-418A-9D6A-5F18202177C3 (string)

vulnerable : true (boolean)

}

11 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_4:*:*:*:*:*:* (string)

matchCriteriaId : 312625BF-6401-415B-A46B-36DF592749C7 (string)

vulnerable : true (boolean)

}

12 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_5:*:*:*:*:*:* (string)

matchCriteriaId : 28628C62-DFE7-4719-82DB-492BF896556A (string)

vulnerable : true (boolean)

}

13 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_6:*:*:*:*:*:* (string)

matchCriteriaId : F83018A3-B5CA-4230-9AB2-EE5B86C54D0A (string)

vulnerable : true (boolean)

}

14 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_7:*:*:*:*:*:* (string)

matchCriteriaId : 6402FBE2-4609-4904-95F5-90B76BEA9F94 (string)

vulnerable : true (boolean)

}

15 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_8:*:*:*:*:*:* (string)

matchCriteriaId : F0086334-B0FE-484B-AC62-E89443717504 (string)

vulnerable : true (boolean)

}

16 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:4.0:update_9:*:*:*:*:*:* (string)

matchCriteriaId : 8986C163-FAED-4EED-B6CD-778FE7C35F95 (string)

vulnerable : true (boolean)

}

17 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:5.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 600A95A6-A1F6-45F1-8856-FB1968E084ED (string)

vulnerable : true (boolean)

}

18 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:5.0:update_1:*:*:*:*:*:* (string)

matchCriteriaId : C465513C-3EBF-4B1B-A6D6-CA4308155D55 (string)

vulnerable : true (boolean)

}

19 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:5.0:update_2:*:*:*:*:*:* (string)

matchCriteriaId : 3176F896-BFCC-4E7A-AFAC-65A6F5BED2CD (string)

vulnerable : true (boolean)

}

20 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:5.0:update_3:*:*:*:*:*:* (string)

matchCriteriaId : 26509099-64D1-4776-8EB8-4C7EC30858AF (string)

vulnerable : true (boolean)

}

21 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:5.0:update_4:*:*:*:*:*:* (string)

matchCriteriaId : 9102EDA5-05B1-4D8A-91FE-AEB18D1A568C (string)

vulnerable : true (boolean)

}

22 : { »

criteria : cpe:2.3:a:microfocus:enterprise_server:5.0:update_5:*:*:*:*:*:* (string)

matchCriteriaId : F82BD2CA-1068-41C5-B02D-C44B3F756D00 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security. (string)

}

1 : { »

lang : es (string)

value : Una vulnerabilidad de credenciales insuficientemente protegidas en el desarrollador empresarial y el servidor empresarial de Micro Focus, afectando a todas las versiones anteriores a 4.0 Patch Update 16, y versión 5.0 Patch Update 6. La vulnerabilidad podría permitir a un atacante transmitir credenciales del hash para la cuenta de usuario que ejecuta el Micro Focus Directory Server (MFDS) en un sitio arbitrario, comprometiendo la seguridad de esa cuenta. (string)

}

]

id : CVE-2020-9523 (string)

lastModified : 2024-11-21T05:40:48.023 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-04-17T15:15:12.930 (string)

references : [ »

0 : { »

source : security@opentext.com (string)

url : https://softwaresupport.softwaregrp.com/doc/KM03634936 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://softwaresupport.softwaregrp.com/doc/KM03634936 (string)

}

]

sourceIdentifier : security@opentext.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-522 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object