Vulnerability Details CVE-2020-9523
Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2020-9523
-
cpe:2.3:a:microfocus:enterprise_developer:-
-
cpe:2.3:a:microfocus:enterprise_developer:2.0
-
cpe:2.3:a:microfocus:enterprise_developer:2.1
-
cpe:2.3:a:microfocus:enterprise_developer:2.2
-
cpe:2.3:a:microfocus:enterprise_developer:2.3
-
cpe:2.3:a:microfocus:enterprise_developer:3.0
-
cpe:2.3:a:microfocus:enterprise_developer:4.0
-
cpe:2.3:a:microfocus:enterprise_developer:5.0
-
cpe:2.3:a:microfocus:enterprise_server:-
-
cpe:2.3:a:microfocus:enterprise_server:2.0
-
cpe:2.3:a:microfocus:enterprise_server:2.1
-
cpe:2.3:a:microfocus:enterprise_server:2.2
-
cpe:2.3:a:microfocus:enterprise_server:2.3
-
cpe:2.3:a:microfocus:enterprise_server:3.0
-
cpe:2.3:a:microfocus:enterprise_server:4.0
-
cpe:2.3:a:microfocus:enterprise_server:5.0