Vulnerability Details CVE-2020-7196
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 28.6%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2020-7196
-
cpe:2.3:a:hp:bluedata_epic:4.0
-
cpe:2.3:a:hp:ezmeral_container_platform:5.0