CVE-2019-17082

Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1.

CVSS

No CVSS.

References

Link	Resource
https://support.microfocus.com/kb/kmdoc.php?id=KM03544106

Configurations

No configuration.

History

17 Dec 2024, 16:15

Type	Values Removed	Values Added
CWE	~~CWE-306~~	CWE-522
Summary	(en) Missing Authentication for Critical Function vulnerability in OpenText™ AccuRev for LDAP Integration allows Authentication Bypass. The vulnerability could allow a valid AccuRev username to gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev for LDAP Integration: 2017.1.	(en) Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1.

Information

Published : 2024-11-26 20:15

Updated : 2024-12-17 16:15

NVD link : CVE-2019-17082

Mitre link : CVE-2019-17082

CVE.ORG link : CVE-2019-17082

JSON object : View

Products Affected

No product.

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2019-17082", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@opentext.com", "cvssData": {"safety": "PRESENT", "version": "4.0", "recovery": "IRRECOVERABLE", "baseScore": 9.0, "automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:I/V:C/RE:M/U:Red", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "RED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "HIGH", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "subsequentSystemAvailability": "HIGH", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-11-26T20:15:19.957", "references": [{"url": "https://support.microfocus.com/kb/kmdoc.php?id=KM03544106", "source": "security@opentext.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@opentext.com", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials vulnerability in OpenText\u2122 AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system\n\nthe vulnerability could allow\u00a0anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user\u2019s password.\n\nThis issue affects AccuRev: 2017.1."}, {"lang": "es", "value": "La vulnerabilidad de falta de autenticaci\u00f3n para funciones cr\u00edticas en AccuRev for LDAP Integration de OpenText\u2122 permite omitir la autenticaci\u00f3n. La vulnerabilidad podr\u00eda permitir que un nombre de usuario v\u00e1lido de AccuRev obtenga acceso al control de origen de AccuRev sin conocer la contrase\u00f1a del usuario. Este problema afecta a AccuRev for LDAP Integration: 2017.1."}], "lastModified": "2024-12-17T16:15:21.400", "sourceIdentifier": "security@opentext.com"}