CVE-2020-7196 Vulnerability Details

  /     /     /  

CVE-2020-7196 Metadata Quick Info

CVE Published: 26/10/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: hpe | Vendor: n/a | Product: BlueData EPIC Software; HPE Ezmeral Container Platform
Status : PUBLISHED

---

CVE-2020-7196 Description

The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: remote disclosure of privileged information
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).