CVE-2020-9523

HIGH

Micro Focus Enterprise Developer < 4.0 Patch Update 16 and 5.0 < Patch Update 6 - Insufficiently Protected Credentials

Description

Insufficiently protected credentials vulnerability in Micro Focus Enterprise Developer and Enterprise Server, affecting all versions prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.

Scores

CVSS v3 8.8
EPSS 0.0029
EPSS Percentile 52.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-522
Status published
Products (6)
microfocus/enterprise_developer 4.0 (16 CPE variants)
microfocus/enterprise_developer 5.0 (6 CPE variants)
microfocus/enterprise_developer < 3.0
microfocus/enterprise_server 4.0 (16 CPE variants)
microfocus/enterprise_server 5.0 (6 CPE variants)
microfocus/enterprise_server < 3.0
Published Apr 17, 2020
Tracked Since Feb 18, 2026