{ "dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": { "cveId": "CVE-2019-17082", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2019-10-02T00:00:00.000Z", "datePublished": "2024-11-26T19:31:57.665Z", "dateUpdated": "2024-12-17T15:51:44.734Z" }, "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "AccuRev", "vendor": "OpenText™", "versions": [ { "status": "affected", "version": "2017.1" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system\n\nthe vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password.\n\n

This issue affects AccuRev: 2017.1.

" } ], "value": "Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system\n\nthe vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password.\n\nThis issue affects AccuRev: 2017.1." } ], "impacts": [ { "capecId": "CAPEC-115", "descriptions": [ { "lang": "en", "value": "CAPEC-115 Authentication Bypass" } ] } ], "metrics": [ { "cvssV4_0": { "Automatable": "NO", "Recovery": "IRRECOVERABLE", "Safety": "PRESENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:I/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-12-17T15:51:44.734Z" }, "references": [ { "url": "https://support.microfocus.com/kb/kmdoc.php?id=KM03544106" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "KM03544106 - AccuRev for LDAP Integration, version 2017.1, access may be granted without a password - CVE-2019-17082\n\n
" } ], "value": "KM03544106 - AccuRev for LDAP Integration, version 2017.1, access may be granted without a password - CVE-2019-17082 https://support.microfocus.com/kb/kmdoc.php" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } }, "adp": [ { "affected": [ { "vendor": "opentext", "product": "accurev_for_ldap_integration", "cpes": [ "cpe:2.3:a:opentext:accurev_for_ldap_integration:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "versions": [ { "version": "2017.1", "status": "affected" } ] } ], "metrics": [ { "other": { "type": "ssvc", "content": { "timestamp": "2024-11-26T20:11:28.636634Z", "id": "CVE-2019-17082", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "version": "2.0.3" } } } ], "title": "CISA ADP Vulnrichment", "providerMetadata": { "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T20:16:44.532Z" } } ] } }