Описание
An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI.
Ссылки
- ExploitThird Party AdvisoryUS Government Resource
- ExploitThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:saviynt:enterprise_identity_cloud:-:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00165
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-639
Связанные уязвимости
CVSS3: 5.3
github
около 4 лет назад
An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI.
EPSS
Процентиль: 38%
0.00165
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-639