CVE-2024-33856

Опубликовано: 07 мая 2024

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.

Ссылки

https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint
Vendor Advisory
https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center
Product
https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint
Vendor Advisory
https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*

Версия до 7.4.0 (исключая)

EPSS

Процентиль: 58%

0.00368

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-204

Связанные уязвимости

GHSA-h455-phph-2r6j