PT-2020-20713 · Micro Focus · Micro Focus Enterprise Server
Published: 2020-04-17 · Updated: 2020-04-28 · CVE-2020-9523
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Micro Focus Enterprise Developer and Enterprise Server versions prior to 4.0 Patch Update 16
Micro Focus Enterprise Developer and Enterprise Server version 5.0 Patch Update 6
Description
The issue is related to insufficiently protected credentials, which could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.
Recommendations
For versions prior to 4.0 Patch Update 16, update to 4.0 Patch Update 16 or later to resolve the issue.
For version 5.0 Patch Update 6, update to a version later than 5.0 Patch Update 6 to resolve the issue.
Fix
Insufficiently Protected Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Micro Focus Directory Server
Micro Focus Enterprise Developer
Micro Focus Enterprise Server