Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101069 | Third Party Advisory VDB Entry |
https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_Advisory_9_28_17.pdf | Vendor Advisory |
http://www.securityfocus.com/bid/101069 | Third Party Advisory VDB Entry |
https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_Advisory_9_28_17.pdf | Vendor Advisory |
Configurations
History
21 Nov 2024, 03:13
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/101069 - Third Party Advisory, VDB Entry | |
References | () https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_Advisory_9_28_17.pdf - Vendor Advisory |
Information
Published : 2017-10-03 01:29
Updated : 2024-11-21 03:13
NVD link : CVE-2017-14772
Mitre link : CVE-2017-14772
CVE.ORG link : CVE-2017-14772
JSON object : View
Products Affected
skyboxsecurity
- skybox_manager_client_application
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor