Description
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.
References
- Third Party Advisory, US Government Resource
- Exploit, Third Party Advisory
- Third Party Advisory, VDB Entry
- Third Party Advisory, US Government Resource
- Exploit, Third Party Advisory
- Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: versions before fta_9_12_220 (exclusive)
cpe:2.3:a:accellion:ftp_server:*:*:*:*:*:*:*:*
EPSS: 0.00509 (Low), percentile: 66%
CVSS3: 5.3 Medium
CVSS2: 5 Medium
Weaknesses
CWE-204
CWE-200
Related vulnerabilities
CVSS3: 5.3
github
more than 3 years ago
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them.