{"containers": {"cna": {"affected": [{"product": "Enterprise developer and server.", "vendor": "n/a", "versions": [{"status": "affected", "version": "All version prior to version 4.0 Patch Update 16, and version 5.0 Patch Update 6."}]}], "descriptions": [{"lang": "en", "value": "Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security."}], "problemTypes": [{"descriptions": [{"description": "Insufficiently protected credentials", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:26", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2020-9523", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Enterprise developer and server.", "version": {"version_data": [{"version_value": "All version prior to version 4.0 Patch Update 16, and version 5.0 Patch Update 6."}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficiently protected credentials"}]}]}, "references": {"reference_data": [{"name": "https://softwaresupport.softwaregrp.com/doc/KM03634936", "refsource": "MISC", "url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"}]}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2020-9523", "datePublished": "2020-04-17T14:18:04", "dateReserved": "2020-03-01T00:00:00", "dateUpdated": "2021-01-06T16:15:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:enterprise_developer:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0E5CE0D-8971-4D61-A021-395A45B2F0E4", "versionEndIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:-:*:*:*:*:*:*", "matchCriteriaId": "53034D98-15C1-4628-90E8-80A8BA25C800", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "C31EF8D8-20FA-4E8D-9C67-AB75680158CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_10:*:*:*:*:*:*", "matchCriteriaId": "6CED357F-3AB5-4DF7-A188-37F7109B7FBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_11:*:*:*:*:*:*", "matchCriteriaId": "1943146C-8F5D-4F63-A214-D05CE108FECC", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_12:*:*:*:*:*:*", "matchCriteriaId": "DFAB29B5-3E61-4EA5-AE37-5C51BC3052AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_13:*:*:*:*:*:*", "matchCriteriaId": "E0AAB00E-42B5-442E-8C33-713C998BC9AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_14:*:*:*:*:*:*", "matchCriteriaId": "1A4D7425-9F68-4CB8-959D-2B2C8927E595", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_15:*:*:*:*:*:*", "matchCriteriaId": "1FC1F4F3-3B11-44AA-ABA9-EAC09E67F0AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "0C593ACC-80F0-4027-954C-0887549D019D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "C4C180E6-A07A-4368-BA88-2686C4AB510A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "687C1DA0-B34A-4975-8C85-00EAF03E3B95", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "C6E07732-FEFE-4E86-AD5A-348316BAA76E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_6:*:*:*:*:*:*", "matchCriteriaId": "86BD60D7-34CF-429C-9F46-7039D2A3AD3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_7:*:*:*:*:*:*", "matchCriteriaId": "386BFB68-2C89-4093-8A7E-D9A838DA716E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_8:*:*:*:*:*:*", "matchCriteriaId": "A0AF5FFC-A062-42ED-B87F-5AA6915FBA03", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:4.0:update_9:*:*:*:*:*:*", "matchCriteriaId": "C3942E78-61A2-4F70-B32B-C2BE31D9055E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:-:*:*:*:*:*:*", "matchCriteriaId": "3C73BDBE-2719-4020-B953-1580BB78CB0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "F043FB8B-665F-409C-9F81-1CCE6501DBC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "C49FA390-A44E-4285-AC90-9D032122CA45", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "50D1B082-D46F-43F7-A6A4-060517F7433E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "437BD37E-3C37-4CB3-8B73-0CC48DD4E4BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_developer:5.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "7B82C43A-9BA9-40A9-8A47-3830733F859B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:enterprise_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "03D9F8A5-244D-4E7E-8F3D-C231A31524EC", "versionEndIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:-:*:*:*:*:*:*", "matchCriteriaId": "E8F59F96-F1CD-4750-94AE-FF80EAA5C461", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "2C759BA5-B3DA-4C00-83AF-2E9838406832", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_10:*:*:*:*:*:*", "matchCriteriaId": "4B293F46-D8FC-45C5-BA6F-0F0CDA9E477B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_11:*:*:*:*:*:*", "matchCriteriaId": "DF915FCA-6C3C-420C-9DBD-71E228B104ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_12:*:*:*:*:*:*", "matchCriteriaId": "47EE9813-D518-4DDE-9891-39EF5DCF0D15", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_13:*:*:*:*:*:*", "matchCriteriaId": "700A39E4-F051-4CD4-A886-AB09439A1D94", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_14:*:*:*:*:*:*", "matchCriteriaId": "F52B5A62-B389-43E3-A379-3F1EFC3CE8AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_15:*:*:*:*:*:*", "matchCriteriaId": "63E64A7C-97CF-49CA-A6FB-3F8A9C456B6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "BD78A09A-3CAF-4D5E-9F48-E7C5F3EA2F19", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "0510269B-B6EF-418A-9D6A-5F18202177C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "312625BF-6401-415B-A46B-36DF592749C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "28628C62-DFE7-4719-82DB-492BF896556A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_6:*:*:*:*:*:*", "matchCriteriaId": "F83018A3-B5CA-4230-9AB2-EE5B86C54D0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_7:*:*:*:*:*:*", "matchCriteriaId": "6402FBE2-4609-4904-95F5-90B76BEA9F94", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_8:*:*:*:*:*:*", "matchCriteriaId": "F0086334-B0FE-484B-AC62-E89443717504", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:4.0:update_9:*:*:*:*:*:*", "matchCriteriaId": "8986C163-FAED-4EED-B6CD-778FE7C35F95", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:-:*:*:*:*:*:*", "matchCriteriaId": "600A95A6-A1F6-45F1-8856-FB1968E084ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_1:*:*:*:*:*:*", "matchCriteriaId": "C465513C-3EBF-4B1B-A6D6-CA4308155D55", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_2:*:*:*:*:*:*", "matchCriteriaId": "3176F896-BFCC-4E7A-AFAC-65A6F5BED2CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_3:*:*:*:*:*:*", "matchCriteriaId": "26509099-64D1-4776-8EB8-4C7EC30858AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "9102EDA5-05B1-4D8A-91FE-AEB18D1A568C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microfocus:enterprise_server:5.0:update_5:*:*:*:*:*:*", "matchCriteriaId": "F82BD2CA-1068-41C5-B02D-C44B3F756D00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security."}, {"lang": "es", "value": "Una vulnerabilidad de credenciales insuficientemente protegidas en el desarrollador empresarial y el servidor empresarial de Micro Focus, afectando a todas las versiones anteriores a 4.0 Patch Update 16, y versi\u00f3n 5.0 Patch Update 6. La vulnerabilidad podr\u00eda permitir a un atacante transmitir credenciales del hash para la cuenta de usuario que ejecuta el Micro Focus Directory Server (MFDS) en un sitio arbitrario, comprometiendo la seguridad de esa cuenta."}], "id": "CVE-2020-9523", "lastModified": "2023-11-07T03:26:57.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-17T15:15:12.930", "references": [{"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/doc/KM03634936"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}