CVE-2019-17082

CRITICAL EPSS 35.9%

Published Nov 26, 20241y ago · Modified Jun 17, 20261w ago

9.0 CVSS 4.0

Critical

Published Nov 26, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Insufficiently Protected Credentials vulnerability in OpenText™ AccuRev allows Authentication Bypass. When installed on a Linux or Solaris system the vulnerability could allow anyone who knows a valid AccuRev username can use the AccuRev client to login and gain access to AccuRev source control without knowing the user’s password. This issue affects AccuRev: 2017.1.

CVSS Details

Base Score

9.0

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:I/V:C/RE:M/U:Red

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction P

Scope P

Threat Intelligence

EPSS Exploit Probability

35.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-522

References 1

support.microfocus.com https://support.microfocus.com/kb/kmdoc.php?id=KM03544106

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.