CVE-2020-7196
N/A
N/A
Summary
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/".
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | BlueData EPIC Software; HPE Ezmeral Container Platform | 4.0 and earlier | affected |
| n/a | BlueData EPIC Software; HPE Ezmeral Container Platform | 5.0 | affected |
Weaknesses
- remote disclosure of privileged information
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.