CVE-2020-9404

HIGH

PACTware < 4.1 SP6 and 5.0-5.0.5.31 - Insufficiently Protected Credentials

Title source: llm

Description

In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://pactware.com/fileadmin/user_upload/Cyber-Security-Documents/2020-05-29_published_PWC_CyberSecurityNotifications-CVE-2020-9403-9404__002_.pdf

Scores

CVSS v3 7.1

EPSS 0.0028

EPSS Percentile 19.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-522

Status published

Products (5)

pactware/pactware 2.4 sp5

pactware/pactware 3.0 sp4

pactware/pactware 3.5

pactware/pactware 3.6 sp1

pactware/pactware 5.0 - 5.0.5.31

Published Aug 11, 2020

Tracked Since Feb 18, 2026