CVE-2010-1221

Опубликовано: 07 апр. 2010

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request.

Комментарий

Per: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869

'The first vulnerability, CVE-2010-1221, occurs due to a lack of authentication. An attacker can make a SOAP request to enumerate user names. This vulnerability has a low risk rating and affects r12.0 and r12.5 XOsoft products.'

Ссылки

http://www.securityfocus.com/archive/1/510564/100/0/threaded
http://www.securityfocus.com/bid/39244
Patch
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/510564/100/0/threaded
http://www.securityfocus.com/bid/39244
Patch
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ca:xosoft_content_distribution:r12.0:*:*:*:*:*:*:*

cpe:2.3:a:ca:xosoft_content_distribution:r12.5:*:*:*:*:*:*:*

cpe:2.3:a:ca:xosoft_high_availability:r12.0:*:*:*:*:*:*:*

cpe:2.3:a:ca:xosoft_high_availability:r12.5:*:*:*:*:*:*:*

cpe:2.3:a:ca:xosoft_replication:r12.0:*:*:*:*:*:*:*

cpe:2.3:a:ca:xosoft_replication:r12.5:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00308

Низкий

5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-g63r-3cmh-r499

github

почти 4 года назад