Описание
Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 19.12 (исключая)
cpe:2.3:a:citrix:sharefile:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00446
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203
Связанные уязвимости
github
больше 3 лет назад
Citrix ShareFile through 19.1 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.
EPSS
Процентиль: 63%
0.00446
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-203