2024-05-07 18:03:28 +00:00
{
"id" : "CVE-2024-33856" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2024-05-07T16:15:08.010" ,
2024-07-03 02:03:28 +00:00
"lastModified" : "2024-07-03T01:58:59.643" ,
2024-05-07 22:03:27 +00:00
"vulnStatus" : "Awaiting Analysis" ,
2024-07-03 02:03:28 +00:00
"cveTags" : [ ] ,
2024-05-07 18:03:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint."
2024-05-12 02:03:21 +00:00
} ,
{
"lang" : "es" ,
"value" : "Se descubri\u00f3 un problema en Logpoint antes de 7.4.0. Un atacante puede enumerar una lista v\u00e1lida de nombres de usuario observando el tiempo de respuesta en el endpoint de Forgot Password."
2024-05-07 18:03:28 +00:00
}
] ,
2024-07-03 02:03:28 +00:00
"metrics" : {
"cvssMetricV31" : [
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 5.3 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 3.9 ,
"impactScore" : 1.4
}
]
} ,
"weaknesses" : [
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-204"
}
]
}
] ,
2024-05-07 18:03:28 +00:00
"references" : [
{
"url" : "https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center" ,
"source" : "cve@mitre.org"
}
]
}
