CVE-2020-25838

Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information.

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.0 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://softwaresupport.softwaregrp.com/doc/KM03767186

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microfocus:filr::::::::
	cpe:2.3:a:microfocus:filr::::::::

History

No history.

Information

Published : 2020-12-11 02:15

Updated : 2023-11-07 03:20

NVD link : CVE-2020-25838

Mitre link : CVE-2020-25838

CVE.ORG link : CVE-2020-25838

JSON object : View

Products Affected

microfocus

filr

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-25838", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-12-11T02:15:11.350", "references": [{"url": "https://softwaresupport.softwaregrp.com/doc/KM03767186", "source": "security@opentext.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial no autorizada en el producto Micro Focus Filr. Afectando a todas las versiones 3.x y 4.x. La vulnerabilidad podr\u00eda ser explotada para revelar informaci\u00f3n confidencial no autorizada"}], "lastModified": "2023-11-07T03:20:26.873", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:filr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1D990CF-ADAD-4684-BCF7-793AC866A448", "versionEndExcluding": "3.4.8", "versionStartIncluding": "3.0"}, {"criteria": "cpe:2.3:a:microfocus:filr:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0919AB56-74F9-4C71-818E-EE12207E3B72", "versionEndExcluding": "4.2.1.1.1", "versionStartIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}