Verastream Host Integrator Information Disclosure Vulnerability (CVE-2020-11842)

Document ID:7024567
Creation Date:16-Apr-2020
Modified Date:01-May-2020
- Micro Focus Products:
  Verastream Host Integrator (VHI)

Environment

Verastream Host Integrator, versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49)

Situation

An information disclosure vulnerability has been identified in Verastream Host Integrator (VHI). The vulnerability allows unauthenticated attackers to view information they may not have been authorized to view. This vulnerability affects VHI versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49).

Resolution

An update, VHI 7.8 Update 1, fixes this vulnerability and is available to maintained customers from the downloads website, https://download.attachmate.com/upgrades. Micro Focus recommends that customers upgrade as soon as possible. Customers that generated code using VHI’s Web Builder with the project type "HTML5 Web Application" should contact Support for additional advice, and should regenerate that code after applying the update.

Status

Security Alert

Additional Information

CVSS Version 3.1 and Version 2.0 Base Metrics:

Reference

V3 Vector

V3 Base Score

V2 Vector

V2 Base Score

CVE-2020-11842

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N&version=3.1

5.3

https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N)

5.0