CVE-2020-9518 - OpenCVE

Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microfocus	Service Manager

Configuration 1 [-]

cpe:2.3:a:microfocus:service_manager:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://softwaresupport.softwaregrp.com/doc/KM03607792

History

No history.

MITRE

Status: PUBLISHED

Assigner: microfocus

Published: 2020-03-16T13:01:28

Updated: 2024-08-04T10:34:39.574Z

Reserved: 2020-03-01T00:00:00

Link: CVE-2020-9518

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-03-16T14:15:14.727

Modified: 2023-11-07T03:26:56.417

Link: CVE-2020-9518

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Service Manager (Web Tier).", "vendor": "Micro Focus International", "versions": [{"status": "affected", "version": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62"}]}], "descriptions": [{"lang": "en", "value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data."}], "problemTypes": [{"descriptions": [{"description": "Login filter can access configuration files", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-16T13:01:28", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "ID": "CVE-2020-9518", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Service Manager (Web Tier).", "version": {"version_data": [{"version_value": "9.50, 9.51, 9.52, 9.60, 9.61, 9.62"}]}}]}, "vendor_name": "Micro Focus International"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Login filter can access configuration files"}]}]}, "references": {"reference_data": [{"name": "https://softwaresupport.softwaregrp.com/doc/KM03607792", "refsource": "MISC", "url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:34:39.574Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"}]}]}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2020-9518", "datePublished": "2020-03-16T13:01:28", "dateReserved": "2020-03-01T00:00:00", "dateUpdated": "2024-08-04T10:34:39.574Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:service_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3F2DA8C-6646-4BBE-B94D-D7B9AE797F97", "versionEndIncluding": "9.62", "versionStartIncluding": "9.50", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data."}, {"lang": "es", "value": "Una vulnerabilidad del filtro de inicio de sesi\u00f3n que puede acceder los archivos de configuraci\u00f3n en Micro Focus Service Manager (Web Tier), afectando a las versiones 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. La vulnerabilidad podr\u00eda ser explotada para permitir acceso no autorizado a los datos de configuraci\u00f3n."}], "id": "CVE-2020-9518", "lastModified": "2023-11-07T03:26:56.417", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-16T14:15:14.727", "references": [{"source": "security@opentext.com", "url": "https://softwaresupport.softwaregrp.com/doc/KM03607792"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}