CVE-2020-26526

Опубликовано: 02 окт. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid ("Unable to find an APIDomain" versus "Wrong email or password").

Ссылки

https://github.com/lukaszstu/SmartAsset-UE-CVE-2020-26526
Third Party Advisory
https://smartasset.com/
Vendor Advisory
https://support.damstratechnology.com/hc/en-us/categories/900000115446-SmartAsset-Damstra-Asset-Management-Platform
Vendor Advisory
https://github.com/lukaszstu/SmartAsset-UE-CVE-2020-26526
Third Party Advisory
https://smartasset.com/
Vendor Advisory
https://support.damstratechnology.com/hc/en-us/categories/900000115446-SmartAsset-Damstra-Asset-Management-Platform
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:damstratechnology:smart_asset:2020.7:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00472

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-38c2-vx55-m3wp

github

больше 3 лет назад