CVE-2020-9523
Published Apr 17, 2020
Last updated a year ago
Overview
- Description
- Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.
- Source
- security@opentext.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-522
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0E5CE0D-8971-4D61-A021-395A45B2F0E4",
"versionEndIncluding": "3.0"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53034D98-15C1-4628-90E8-80A8BA25C800"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C31EF8D8-20FA-4E8D-9C67-AB75680158CA"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CED357F-3AB5-4DF7-A188-37F7109B7FBA"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1943146C-8F5D-4F63-A214-D05CE108FECC"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFAB29B5-3E61-4EA5-AE37-5C51BC3052AF"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0AAB00E-42B5-442E-8C33-713C998BC9AA"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A4D7425-9F68-4CB8-959D-2B2C8927E595"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FC1F4F3-3B11-44AA-ABA9-EAC09E67F0AE"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C593ACC-80F0-4027-954C-0887549D019D"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4C180E6-A07A-4368-BA88-2686C4AB510A"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "687C1DA0-B34A-4975-8C85-00EAF03E3B95"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6E07732-FEFE-4E86-AD5A-348316BAA76E"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "86BD60D7-34CF-429C-9F46-7039D2A3AD3F"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "386BFB68-2C89-4093-8A7E-D9A838DA716E"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A0AF5FFC-A062-42ED-B87F-5AA6915FBA03"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3942E78-61A2-4F70-B32B-C2BE31D9055E"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C73BDBE-2719-4020-B953-1580BB78CB0A"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F043FB8B-665F-409C-9F81-1CCE6501DBC8"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C49FA390-A44E-4285-AC90-9D032122CA45"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50D1B082-D46F-43F7-A6A4-060517F7433E"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "437BD37E-3C37-4CB3-8B73-0CC48DD4E4BB"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B82C43A-9BA9-40A9-8A47-3830733F859B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03D9F8A5-244D-4E7E-8F3D-C231A31524EC",
"versionEndIncluding": "3.0"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8F59F96-F1CD-4750-94AE-FF80EAA5C461"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C759BA5-B3DA-4C00-83AF-2E9838406832"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B293F46-D8FC-45C5-BA6F-0F0CDA9E477B"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF915FCA-6C3C-420C-9DBD-71E228B104ED"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47EE9813-D518-4DDE-9891-39EF5DCF0D15"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "700A39E4-F051-4CD4-A886-AB09439A1D94"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F52B5A62-B389-43E3-A379-3F1EFC3CE8AA"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63E64A7C-97CF-49CA-A6FB-3F8A9C456B6B"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD78A09A-3CAF-4D5E-9F48-E7C5F3EA2F19"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0510269B-B6EF-418A-9D6A-5F18202177C3"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "312625BF-6401-415B-A46B-36DF592749C7"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "28628C62-DFE7-4719-82DB-492BF896556A"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F83018A3-B5CA-4230-9AB2-EE5B86C54D0A"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6402FBE2-4609-4904-95F5-90B76BEA9F94"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F0086334-B0FE-484B-AC62-E89443717504"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8986C163-FAED-4EED-B6CD-778FE7C35F95"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "600A95A6-A1F6-45F1-8856-FB1968E084ED"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C465513C-3EBF-4B1B-A6D6-CA4308155D55"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3176F896-BFCC-4E7A-AFAC-65A6F5BED2CD"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26509099-64D1-4776-8EB8-4C7EC30858AF"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9102EDA5-05B1-4D8A-91FE-AEB18D1A568C"
},
{
"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F82BD2CA-1068-41C5-B02D-C44B3F756D00"
}
],
"operator": "OR"
}
]
}
]