CVE-2018-14597

Опубликовано: 17 окт. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names.

Ссылки

http://www.securityfocus.com/bid/105688
Third Party Advisory
VDB Entry
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/105688
Third Party Advisory
VDB Entry
https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:broadcom:ca_identity_governance:*:*:*:*:*:*:*:*

Версия от 14.0 (включая) до 14.2 (включая)

cpe:2.3:a:broadcom:ca_identity_governance:12.6:*:*:*:*:*:*:*

cpe:2.3:a:broadcom:ca_identity_suite_virtual_appliance:*:*:*:*:*:*:*:*

Версия от 14.0 (включая) до 14.2 (включая)

EPSS

Процентиль: 42%

0.00203

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203

CWE-200

Связанные уязвимости

GHSA-8f6w-3r97-qgc7