CVE-2020-9523

Published Apr 17, 2020
Last updated 3 months ago
CVSS high 8.8
Overview

Description: Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.
Source: security@opentext.com
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-522
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0E5CE0D-8971-4D61-A021-395A45B2F0E4",
            "versionEndIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53034D98-15C1-4628-90E8-80A8BA25C800"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C31EF8D8-20FA-4E8D-9C67-AB75680158CA"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CED357F-3AB5-4DF7-A188-37F7109B7FBA"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1943146C-8F5D-4F63-A214-D05CE108FECC"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFAB29B5-3E61-4EA5-AE37-5C51BC3052AF"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0AAB00E-42B5-442E-8C33-713C998BC9AA"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A4D7425-9F68-4CB8-959D-2B2C8927E595"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FC1F4F3-3B11-44AA-ABA9-EAC09E67F0AE"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C593ACC-80F0-4027-954C-0887549D019D"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4C180E6-A07A-4368-BA88-2686C4AB510A"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "687C1DA0-B34A-4975-8C85-00EAF03E3B95"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6E07732-FEFE-4E86-AD5A-348316BAA76E"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86BD60D7-34CF-429C-9F46-7039D2A3AD3F"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "386BFB68-2C89-4093-8A7E-D9A838DA716E"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0AF5FFC-A062-42ED-B87F-5AA6915FBA03"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3942E78-61A2-4F70-B32B-C2BE31D9055E"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C73BDBE-2719-4020-B953-1580BB78CB0A"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F043FB8B-665F-409C-9F81-1CCE6501DBC8"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C49FA390-A44E-4285-AC90-9D032122CA45"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50D1B082-D46F-43F7-A6A4-060517F7433E"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "437BD37E-3C37-4CB3-8B73-0CC48DD4E4BB"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B82C43A-9BA9-40A9-8A47-3830733F859B"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03D9F8A5-244D-4E7E-8F3D-C231A31524EC",
            "versionEndIncluding": "3.0"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8F59F96-F1CD-4750-94AE-FF80EAA5C461"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C759BA5-B3DA-4C00-83AF-2E9838406832"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B293F46-D8FC-45C5-BA6F-0F0CDA9E477B"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF915FCA-6C3C-420C-9DBD-71E228B104ED"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47EE9813-D518-4DDE-9891-39EF5DCF0D15"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "700A39E4-F051-4CD4-A886-AB09439A1D94"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_14:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F52B5A62-B389-43E3-A379-3F1EFC3CE8AA"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_15:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63E64A7C-97CF-49CA-A6FB-3F8A9C456B6B"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD78A09A-3CAF-4D5E-9F48-E7C5F3EA2F19"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0510269B-B6EF-418A-9D6A-5F18202177C3"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "312625BF-6401-415B-A46B-36DF592749C7"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28628C62-DFE7-4719-82DB-492BF896556A"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F83018A3-B5CA-4230-9AB2-EE5B86C54D0A"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6402FBE2-4609-4904-95F5-90B76BEA9F94"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0086334-B0FE-484B-AC62-E89443717504"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8986C163-FAED-4EED-B6CD-778FE7C35F95"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "600A95A6-A1F6-45F1-8856-FB1968E084ED"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C465513C-3EBF-4B1B-A6D6-CA4308155D55"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3176F896-BFCC-4E7A-AFAC-65A6F5BED2CD"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26509099-64D1-4776-8EB8-4C7EC30858AF"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9102EDA5-05B1-4D8A-91FE-AEB18D1A568C"
          },
          {
            "criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F82BD2CA-1068-41C5-B02D-C44B3F756D00"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
