CVE-2025-67806

Low CVSS: 3.7

The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behavior in newer versions.

Vendor

Product

CWE

Yayın Tarihi

2026-04-01 16:23:48

Güncelleme

2026-04-03 16:11:11

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

LOW 2026

Referanslar

https://pastebin.com/Tk4LgMG2 https://www.sagedpw.at/