CVE-2021-44848

Опубликовано: 13 дек. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Средний

Описание

In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.

Ссылки

http://packetstormsecurity.com/files/165327/Cibele-Thinfinity-VirtualUI-2.5.41.0-User-Enumeration.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/cybelesoft/virtualui/issues/1
Issue Tracking
Third Party Advisory
http://packetstormsecurity.com/files/165327/Cibele-Thinfinity-VirtualUI-2.5.41.0-User-Enumeration.html
Exploit
Third Party Advisory
VDB Entry
https://github.com/cybelesoft/virtualui/issues/1
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cybelesoft:thinfinity_virtualui:*:*:*:*:*:*:*:*

Версия до 3.0 (исключая)

EPSS

Процентиль: 96%

0.24587

Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

GHSA-qhw5-g2xc-xpwq