CVE-2020-14484

CRITICAL

OpenClinic GA 5.09.02 and 5.89.05b - Account Lockout Bypass

Title source: llm

Description

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks.

References (1)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01

Scores

CVSS v3 9.8
EPSS 0.0124
EPSS Percentile 65.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-307
Status published
Products (2)
openclinic_ga_project/openclinic_ga 5.09.02
openclinic_ga_project/openclinic_ga 5.89.05b
Published Jul 20, 2020
Tracked Since Feb 18, 2026