CVE-2019-17082

Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1.

CVSS

No CVSS.

References

Link	Resource
https://support.microfocus.com/kb/kmdoc.php?id=KM03544106

Configurations

No configuration.

History

No history.

Information

Published : 2024-11-26 20:15

Updated : 2024-12-17 16:15

NVD link : CVE-2019-17082

Mitre link : CVE-2019-17082

CVE.ORG link : CVE-2019-17082

JSON object : View

Products Affected

No product.

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2019-17082", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"Safety": "PRESENT", "version": "4.0", "Recovery": "IRRECOVERABLE", "baseScore": 9.0, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:I/V:C/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-11-26T20:15:19.957", "references": [{"url": "https://support.microfocus.com/kb/kmdoc.php?id=KM03544106", "source": "security@opentext.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials vulnerability in OpenText\u2122 AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system\n\nthe vulnerability could allow\u00a0anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user\u2019s password.\n\nThis issue affects AccuRev: 2017.1."}, {"lang": "es", "value": "La vulnerabilidad de falta de autenticaci\u00f3n para funciones cr\u00edticas en AccuRev for LDAP Integration de OpenText\u2122 permite omitir la autenticaci\u00f3n. La vulnerabilidad podr\u00eda permitir que un nombre de usuario v\u00e1lido de AccuRev obtenga acceso al control de origen de AccuRev sin conocer la contrase\u00f1a del usuario. Este problema afecta a AccuRev for LDAP Integration: 2017.1."}], "lastModified": "2024-12-17T16:15:21.400", "sourceIdentifier": "security@opentext.com"}

CVE-2019-17082

JSON object

Attach tags to CVE-2019-17082

Attach tags to `CVE-2019-17082`