PT-2024-10724 · Opentext · Opentext Accurev

Published 2024-11-26 · Updated 2024-12-17 · CVE-2019-17082

CVSS v4.0: 9.0 (Critical)

Vector: AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:I/V:C/RE:M/U:Red
Name of the Vulnerable Software and Affected Versions: OpenText AccuRev version 2017.1
Description: The issue allows authentication bypass, enabling anyone with knowledge of a valid AccuRev username to gain access to AccuRev source control without knowing the user's password. This can occur when the software is installed on a Linux or Solaris system.
Recommendations: For version 2017.1, update to a newer version to mitigate the risk, as the current version allows authentication bypass.

Fix

Missing Authentication

Insufficiently Protected Credentials


Weakness Enumeration

Related Identifiers

CVE-2019-17082

Affected Products

Opentext Accurev