CVE-2020-9404

HIGH

Pactware < 5.0.5.31 - Insufficiently Protected Credentials

Title source: rule

Description

In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords.

References (1)

[Vendor Advisory] https://pactware.com/fileadmin/user_upload/Cyber-Security-Documents/2020-05-29_published_PWC_CyberSecurityNotifications-CVE-2020-9403-9404__002_.pdf

Scores

CVSS v3 7.1

EPSS 0.0005

EPSS Percentile 15.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Classification

CWE

CWE-522

Status published

Affected Products (5)

pactware/pactware < 5.0.5.31

pactware/pactware

Timeline

Published Aug 11, 2020

Tracked Since Feb 18, 2026