Verastream Host Integrator Information Disclosure Vulnerability (CVE-2020-11842)

  • 7024567
  • 16-Apr-2020
  • 01-May-2020

Environment

Verastream Host Integrator, versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49)

Situation

An information disclosure vulnerability has been identified in Verastream Host Integrator (VHI). The vulnerability allows unauthenticated attackers to view information they may not have been authorized to view. This vulnerability affects VHI versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49).

Resolution

An update, VHI 7.8 Update 1, fixes this vulnerability and is available to maintained customers from the downloads website, https://download.attachmate.com/upgrades. Micro Focus recommends that customers upgrade as soon as possible. Customers that generated code using VHI’s Web Builder with the project type "HTML5 Web Application" should contact Support for additional advice, and should regenerate that code after applying the update.

Status

Security Alert

Additional Information

CVSS Version 3.1 and Version 2.0 Base Metrics:   

 

Reference 

V3 Vector 

V3 Base Score 

V2 Vector 

V2 Base Score 

CVE-2020-11842 

 

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N&version=3.1 

5.3 

https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 

5.0