CVE-2025-67807

Medium CVSS: 4.7

The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administrators can toggle this behaviour in newer versions.

Vendor

Product

CWE

CWE-204

Yayın Tarihi

2026-04-01 16:23:48

Güncelleme

2026-04-03 16:11:11

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-204 MEDIUM 2026

Referanslar

https://pastebin.com/Tk4LgMG2 https://www.sagedpw.at/