Medium
CVSS: 4.3
A vulnerability in SAP Financial Service Claims Management RFC function ICL_USER_GET_NAME_AND_ADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality wi…
Medium
CVSS: 5.3
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existin…
Medium
CVSS: 5.3
Trivision NC-227WF firmware 5.80 (build 20141010) login mechanism reveals whether a username exists or not by returning different error messages ("Unknown user" vs. "Wrong password"), allowing an attacker to enumerate valid usernames.
Medium
CVSS: 5.3
Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of `accountRegister` may result in errors that could unintentionally reveal whether a user with the provide…
Medium
CVSS: 5.9
Impact: The attacker can determine whether a user exists by measuring how long the login request takes to return. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks.
Patches: This vulnerability has…
High
CVSS: 7.5
CWE-204: Observable Response Discrepancy
Medium
CVSS: 6.9
OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in plac…
Medium
CVSS: 5.3
Tuleap is an Open Source Suite created to facilitate management of software development and collaboration. In Tuleap Community Edition prior to version 16.9.99.1750843170 and Tuleap Enterprise Edition prior to 16.8-4 and 16.9-2, the forgot…
Medium
CVSS: 4.3
HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the data of a valid user and a 404 response…
Medium
CVSS: 5.3
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existin…
High
CVSS: 7.5
An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
High
CVSS: 8.8
User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from k…
Medium
CVSS: 5.3
For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an attacker to guess usernames until they find an existin…
Medium
CVSS: 5.3
IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.
Medium
CVSS: 5.3
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before…
Low
CVSS: 3.7
Failed login response could be different depending on whether the username was local or central.
Medium
CVSS: 6.9
A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating us…
Medium
CVSS: 5.3
Umbraco is a free and open source .NET content management system. Prior to versions 10.8.10 and 13.8.1, based on an analysis of the timing of post login API responses, it's possible to determine whether an account exists. The issue is patch…
Medium
CVSS: 5.5
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as an attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account…
Medium
CVSS: 6.9
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.21.0), Mendix Runtime V10.12 (All versions < V10.12.16), Mendix Runtime V10.18 (All versions < V10.18.5), Mendix Runtime V10.6 (All versions < V10.6.22), Mendix R…
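Most entries above are one of two patterns: a login that returns a different message (or status code) for an unknown username than for a wrong password, or a login that does less work for an unknown username and so answers faster. The following is an added example, not code from any product listed here, showing a minimal password check written both ways and the comparison a tester would run against each. The user store, salts, passwords and the `HASH_CALLS` counter are constructed for the example; the counter stands in for wall-clock timing so the check is deterministic.

```python
import hashlib
import hmac

# Added example (not code from any product listed on this page). A minimal
# password check written two ways: one that leaks account existence through
# its error message and through the amount of work it does, and one that does
# not. The user store, salts and passwords below are constructed sample data.

ITERATIONS = 20_000

# Instrumentation: how many password-hash computations have run so far. A
# login path that skips the hash for unknown users does measurably less work,
# which is the timing side channel several entries above describe.
HASH_CALLS = [0]


def _hash(password: str, salt: bytes) -> bytes:
    HASH_CALLS[0] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user store: username -> (salt, stored hash)
_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Fixed dummy credential so a lookup miss costs the same as a hit.
_DUMMY_SALT = b"dummy-salt-value"
_DUMMY_HASH = _hash("not-a-real-password", _DUMMY_SALT)
HASH_CALLS[0] = 0  # do not count setup


def vulnerable_login(username: str, password: str):
    """Pattern from the entries above: distinct messages, and an early return
    for unknown users that skips the expensive hash entirely."""
    record = USERS.get(username)
    if record is None:
        return False, "Unknown user"
    salt, stored = record
    if _hash(password, salt) != stored:  # plain != is also not constant-time
        return False, "Wrong password"
    return True, "OK"


def hardened_login(username: str, password: str):
    """Same check with the discrepancy removed: one generic message, the hash
    is always computed (against a dummy when the user is unknown), and the
    comparison is constant-time."""
    record = USERS.get(username)
    salt, stored = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    computed = _hash(password, salt)
    # Bitwise & rather than 'and' so the existence check is not short-circuited.
    ok = hmac.compare_digest(computed, stored) & (record is not None)
    if not ok:
        return False, "Invalid username or password"
    return True, "OK"


def _probe(login, username: str):
    """Try one wrong password and report (message, hash computations used)."""
    before = HASH_CALLS[0]
    _, message = login(username, "definitely-wrong-password")
    return message, HASH_CALLS[0] - before


def discrepancy_report(login, known_user: str, unknown_user: str) -> dict:
    """The check a tester runs: do a known user and an unknown user produce a
    different response, or a different amount of server-side work?"""
    msg_known, work_known = _probe(login, known_user)
    msg_unknown, work_unknown = _probe(login, unknown_user)
    return {
        "messages_differ": msg_known != msg_unknown,
        "work_differs": work_known != work_unknown,
    }


if __name__ == "__main__":
    for fn in (vulnerable_login, hardened_login):
        print(fn.__name__, discrepancy_report(fn, "alice", "mallory"))
```

Against a real target the same comparison is made on the HTTP response body, status code (the 200 versus 404 case above) and response time rather than on a hash counter; the hardened form is the one that makes all three identical for known and unknown accounts, and rate limiting on the endpoint is the complementary control several of the entries note is missing.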