Vulnerability Details : CVE-2020-14484
OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass the system’s account lockout protection, which may allow brute force password attacks.
Exploit prediction scoring system (EPSS) score for CVE-2020-14484
Probability of exploitation activity in the next 30 days: 0.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-14484
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2020-14484
-
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2020-14484
-
https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01
OpenClinic GA | CISAThird Party Advisory;US Government Resource
Products affected by CVE-2020-14484
- cpe:2.3:a:openclinic_ga_project:openclinic_ga:5.09.02:*:*:*:*:*:*:*
- cpe:2.3:a:openclinic_ga_project:openclinic_ga:5.89.05b:*:*:*:*:*:*:*