CVE-2024-23557

Опубликовано: 18 апр. 2024

Источник: nvd

CVSS3: 3.5

CVSS3: 4.3

EPSS Низкий

Описание

HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack.

Ссылки

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112488
Vendor Advisory
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112488
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*

cpe:2.3:a:hcltech:connections:8.0:-:*:*:*:*:*:*

cpe:2.3:a:hcltech:connections:8.0:cumulative_release1:*:*:*:*:*:*

cpe:2.3:a:hcltech:connections:8.0:cumulative_release2:*:*:*:*:*:*

cpe:2.3:a:hcltech:connections:8.0:cumulative_release3:*:*:*:*:*:*

cpe:2.3:a:hcltech:connections:8.0:cumulative_release4:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00382

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-200

Связанные уязвимости

GHSA-3v4v-f26h-73ch

CVSS3: 3.5

github

почти 2 года назад

HCL Connections contains a user enumeration vulnerability. Certain actions could allow an attacker to determine if the user is valid or not, leading to a possible brute force attack.

EPSS

Процентиль: 59%

0.00382

Низкий

3.5 Low

CVSS3

4.3 Medium

CVSS3

Дефекты

CWE-200