CVE-2020-7962

{"id": "CVE-2020-7962", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-11-13T19:15:12.173", "references": [{"url": "https://cxsecurity.com/issue/WLB-2020050185", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://cxsecurity.com/issue/WLB-2020050185", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answers for a user. It is possible for an attacker to detect a valid answer based on the HTTP response content, and reuse this answer later for a password reset on a chosen password. The enumeration is possible because, within the HTTP response content, WRONG ID is only returned when the answer is incorrect."}, {"lang": "es", "value": "Se detect\u00f3 un problema en One Identity Password Manager versi\u00f3n 5.8. Un atacante podr\u00eda enumerar respuestas v\u00e1lidas para un usuario. Es posible para un atacante detectar una respuesta v\u00e1lida basada en el contenido de la respuesta HTTP y reutilizar esta respuesta m\u00e1s tarde para restablecer la contrase\u00f1a de una contrase\u00f1a elegida. La enumeraci\u00f3n es posible porque, dentro del contenido de la respuesta HTTP, un WRONG ID es solo devuelto cuando la respuesta es incorrecta"}], "lastModified": "2024-11-21T05:38:05.957", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oneidentity:password_manager:5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5748FA10-B6EE-4F49-B612-55A08CCD5907"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}