CVE-2020-9523

Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microfocusCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
microfocusenterprise_developer
𝑥
≤ 3.0
microfocusenterprise_developer
4.0
microfocusenterprise_developer
4.0:update_1
microfocusenterprise_developer
4.0:update_10
microfocusenterprise_developer
4.0:update_11
microfocusenterprise_developer
4.0:update_12
microfocusenterprise_developer
4.0:update_13
microfocusenterprise_developer
4.0:update_14
microfocusenterprise_developer
4.0:update_15
microfocusenterprise_developer
4.0:update_2
microfocusenterprise_developer
4.0:update_3
microfocusenterprise_developer
4.0:update_4
microfocusenterprise_developer
4.0:update_5
microfocusenterprise_developer
4.0:update_6
microfocusenterprise_developer
4.0:update_7
microfocusenterprise_developer
4.0:update_8
microfocusenterprise_developer
4.0:update_9
microfocusenterprise_developer
5.0
microfocusenterprise_developer
5.0:update_1
microfocusenterprise_developer
5.0:update_2
microfocusenterprise_developer
5.0:update_3
microfocusenterprise_developer
5.0:update_4
microfocusenterprise_developer
5.0:update_5
microfocusenterprise_server
𝑥
≤ 3.0
microfocusenterprise_server
4.0
microfocusenterprise_server
4.0:update_1
microfocusenterprise_server
4.0:update_10
microfocusenterprise_server
4.0:update_11
microfocusenterprise_server
4.0:update_12
microfocusenterprise_server
4.0:update_13
microfocusenterprise_server
4.0:update_14
microfocusenterprise_server
4.0:update_15
microfocusenterprise_server
4.0:update_2
microfocusenterprise_server
4.0:update_3
microfocusenterprise_server
4.0:update_4
microfocusenterprise_server
4.0:update_5
microfocusenterprise_server
4.0:update_6
microfocusenterprise_server
4.0:update_7
microfocusenterprise_server
4.0:update_8
microfocusenterprise_server
4.0:update_9
microfocusenterprise_server
5.0
microfocusenterprise_server
5.0:update_1
microfocusenterprise_server
5.0:update_2
microfocusenterprise_server
5.0:update_3
microfocusenterprise_server
5.0:update_4
microfocusenterprise_server
5.0:update_5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://softwaresupport.softwaregrp.com/doc/KM03634936
https://softwaresupport.softwaregrp.com/doc/KM03634936