CVE-2020-9523

HIGH

Microfocus Enterprise Developer - Insufficiently Protected Credentials

Title source: rule

Description

Insufficiently protected credentials vulnerability on Micro Focus enterprise developer and enterprise server, affecting all version prior to 4.0 Patch Update 16, and version 5.0 Patch Update 6. The vulnerability could allow an attacker to transmit hashed credentials for the user account running the Micro Focus Directory Server (MFDS) to an arbitrary site, compromising that account's security.

References (1)

Scores

CVSS v3 8.8
EPSS 0.0029
EPSS Percentile 52.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-522
Status published

Affected Products (46)

microfocus/enterprise_developer < 3.0
microfocus/enterprise_developer
microfocus/enterprise_developer
microfocus/enterprise_developer
microfocus/enterprise_developer
microfocus/enterprise_developer
microfocus/enterprise_developer
microfocus/enterprise_developer
microfocus/enterprise_developer
microfocus/enterprise_developer
microfocus/enterprise_developer
microfocus/enterprise_developer
microfocus/enterprise_developer
microfocus/enterprise_developer
microfocus/enterprise_developer
... and 31 more

Timeline

Published Apr 17, 2020
Tracked Since Feb 18, 2026