{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T17:15:11.227","vulnerabilities":[{"cve":{"id":"CVE-2020-16244","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2020-09-23T14:15:12.727","lastModified":"2024-11-21T05:07:00.843","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords."},{"lang":"es","value":"GE Digital APM Classic, versiones 4.4 y anteriores. La Sal no es usada para el cálculo del hash de contraseñas, haciendo posible descifrar contraseñas. Este fallo de diseño, junto con la vulnerabilidad IDOR, pone a toda la plataforma en alto riesgo porque un usuario autenticado puede recuperar todos los datos de la cuenta de usuario y luego recuperar las contraseñas reales"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-759"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ge:asset_performance_management_classic:*:*:*:*:*:*:*:*","versionEndIncluding":"4.4","matchCriteriaId":"99CB86D1-FBFF-4364-AC40-D9C50745E819"}]}]}],"references":[{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-266-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}