CVE-2019-17082 CRITICAL

CVE-2019-17082

Vendor Opentext™
Product AccuRev
Weakness CWE-522 · Insufficiently protected credentials
Published November 26, 2024
Last update December 17, 2024

CVSS base score

9.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:N/R:I/V:C/RE:M/U:Red

What the vulnerability does

01Description

Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1.

Key dates

02Disclosure timeline

November 26, 2024 CVE published
December 17, 2024 Record updated