CVE-2020-14494
Last modified
CVE-2020-14494 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts.. EPSS estimates a 1.31% chance of exploitation in the next 30 days.
Description
OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication mechanism within the system that does not provide sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openclinic Ga Project | Openclinic Ga | 5.09.02 |
| Openclinic Ga Project | Openclinic Ga | 5.89.05b |
References
- https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01Third Party Advisory, US Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-14494?
How severe is CVE-2020-14494?
How do I fix CVE-2020-14494?
Are you affected by CVE-2020-14494?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST