exploitDog

CVE-2023-26071

Опубликовано: 28 мар. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. That allow an unauthorized actor to perform User Enumeration attacks.

Ссылки

https://www.gruppotim.it/it/footer/red-team.html
Broken Link
https://vuldb.com/?id.224303
Third Party Advisory
https://www.gruppotim.it/it/footer/red-team.html
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:harpaitalia:mcuboict:*:*:*:*:*:*:*:*

Версия до 10.12.4 (включая)

EPSS

Процентиль: 32%

0.00123

Низкий

7.5 High

CVSS3

Дефекты

CWE-203

CWE-203

Связанные уязвимости

GHSA-c4mr-95m6-w2mf

CVSS3: 7.5

github

почти 3 года назад

An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. That allow an unauthorized actor to perform User Enumeration attacks.

EPSS

Процентиль: 32%

0.00123

Низкий

7.5 High

CVSS3

Дефекты

CWE-203

CWE-203