CVE-2020-7196

MEDIUM

HP Bluedata Epic < 4.0 - Information Disclosure

Title source: rule

Description

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".

References (1)

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn04049en_us

Scores

CVSS v3 6.5

EPSS 0.0016

EPSS Percentile 36.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-200

Status published

Affected Products (2)

hp/bluedata_epic < 4.0

hp/ezmeral_container_platform

Timeline

Published Oct 26, 2020

Tracked Since Feb 18, 2026