Missing Authentication for Critical Function... · CVE-2019-17082 · GitHub Advisory Database · GitHub

Missing Authentication for Critical Function...

Critical severity Unreviewed Published Nov 26, 2024 to the GitHub Advisory Database • Updated Nov 26, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Missing Authentication for Critical Function vulnerability in OpenText™ AccuRev for LDAP Integration allows Authentication Bypass. The vulnerability could allow

a valid AccuRev username to gain access to AccuRev source control without knowing the user’s password.

This issue affects AccuRev for LDAP Integration: 2017.1.

References

Published by the National Vulnerability Database

Nov 26, 2024

Published to the GitHub Advisory Database Nov 26, 2024

Last updated Nov 26, 2024

Severity

Critical

/ 10

CVSS v4 base metrics

Exploitability Metrics

Attack Vector Network

Attack Complexity High

Attack Requirements None

Privileges Required None

User interaction Passive

Vulnerable System Impact Metrics

Confidentiality High

Integrity High

Availability High

Subsequent System Impact Metrics

Confidentiality High

Integrity High

Availability High

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:N/R:I/V:C/RE:M/U:Red