{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2019-17082", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "state": "PUBLISHED", "assignerShortName": "OpenText", "dateReserved": "2019-10-02T00:00:00.000Z", "datePublished": "2024-11-26T19:31:57.665Z", "dateUpdated": "2024-12-17T15:51:44.734Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AccuRev", "vendor": "OpenText\u2122", "versions": [{"status": "affected", "version": "2017.1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insufficiently Protected Credentials vulnerability in OpenText\u2122 AccuRev allows Authentication Bypass. When <span style=\"background-color: rgb(255, 255, 255);\">installed on a Linux or Solaris system</span>\n\nthe vulnerability could allow&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user\u2019s password.</span>\n\n<p>This issue affects AccuRev: 2017.1.</p>"}], "value": "Insufficiently Protected Credentials vulnerability in OpenText\u2122 AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system\n\nthe vulnerability could allow\u00a0anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user\u2019s password.\n\nThis issue affects AccuRev: 2017.1."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "IRRECOVERABLE", "Safety": "PRESENT", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "RED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:I/V:C/RE:M/U:Red", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-12-17T15:51:44.734Z"}, "references": [{"url": "https://support.microfocus.com/kb/kmdoc.php?id=KM03544106"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.microfocus.com/kb/kmdoc.php?id=KM03544106\">KM03544106 - AccuRev for LDAP Integration, version 2017.1, access may be granted without a password - CVE-2019-17082</a>\n\n<br>"}], "value": "KM03544106 - AccuRev for LDAP Integration, version 2017.1, access may be granted without a password - CVE-2019-17082 https://support.microfocus.com/kb/kmdoc.php"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "opentext", "product": "accurev_for_ldap_integration", "cpes": ["cpe:2.3:a:opentext:accurev_for_ldap_integration:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "2017.1", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-26T20:11:28.636634Z", "id": "CVE-2019-17082", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T20:16:44.532Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-17082", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-26T20:11:28.636634Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:opentext:accurev_for_ldap_integration:*:*:*:*:*:*:*:*"], "vendor": "opentext", "product": "accurev_for_ldap_integration", "versions": [{"status": "affected", "version": "2017.1"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-26T20:14:45.888Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "PRESENT", "version": "4.0", "Recovery": "IRRECOVERABLE", "baseScore": 9, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:I/V:C/RE:M/U:Red", "providerUrgency": "RED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenText\u2122", "product": "AccuRev", "versions": [{"status": "affected", "version": "2017.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "KM03544106 - AccuRev for LDAP Integration, version 2017.1, access may be granted without a password - CVE-2019-17082 https://support.microfocus.com/kb/kmdoc.php", "supportingMedia": [{"type": "text/html", "value": "<a target=\"_blank\" rel=\"nofollow\" href=\"https://support.microfocus.com/kb/kmdoc.php?id=KM03544106\">KM03544106 - AccuRev for LDAP Integration, version 2017.1, access may be granted without a password - CVE-2019-17082</a>\n\n<br>", "base64": false}]}], "references": [{"url": "https://support.microfocus.com/kb/kmdoc.php?id=KM03544106"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials vulnerability in OpenText\u2122 AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system\n\nthe vulnerability could allow\u00a0anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user\u2019s password.\n\nThis issue affects AccuRev: 2017.1.", "supportingMedia": [{"type": "text/html", "value": "Insufficiently Protected Credentials vulnerability in OpenText\u2122 AccuRev allows Authentication Bypass. When <span style=\"background-color: rgb(255, 255, 255);\">installed on a Linux or Solaris system</span>\n\nthe vulnerability could allow&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user\u2019s password.</span>\n\n<p>This issue affects AccuRev: 2017.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials"}]}], "providerMetadata": {"orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "OpenText", "dateUpdated": "2024-12-17T15:51:44.734Z"}}}, "cveMetadata": {"cveId": "CVE-2019-17082", "state": "PUBLISHED", "dateUpdated": "2024-12-17T15:51:44.734Z", "dateReserved": "2019-10-02T00:00:00.000Z", "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "datePublished": "2024-11-26T19:31:57.665Z", "assignerShortName": "OpenText"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficiently Protected Credentials vulnerability in OpenText\u2122 AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system\n\nthe vulnerability could allow\u00a0anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user\u2019s password.\n\nThis issue affects AccuRev: 2017.1."}, {"lang": "es", "value": "La vulnerabilidad de falta de autenticaci\u00f3n para funciones cr\u00edticas en AccuRev for LDAP Integration de OpenText\u2122 permite omitir la autenticaci\u00f3n. La vulnerabilidad podr\u00eda permitir que un nombre de usuario v\u00e1lido de AccuRev obtenga acceso al control de origen de AccuRev sin conocer la contrase\u00f1a del usuario. Este problema afecta a AccuRev for LDAP Integration: 2017.1."}], "id": "CVE-2019-17082", "lastModified": "2024-12-17T16:15:21.400", "metrics": {"cvssMetricV40": [{"cvssData": {"attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "RED", "recovery": "IRRECOVERABLE", "safety": "PRESENT", "subsequentSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "HIGH", "subsequentSystemIntegrity": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:I/V:C/RE:M/U:Red", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2024-11-26T20:15:19.957", "references": [{"source": "security@opentext.com", "url": "https://support.microfocus.com/kb/kmdoc.php?id=KM03544106"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "security@opentext.com", "type": "Secondary"}]}

{}