CVE-2020-26526

{"id": "CVE-2020-26526", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-10-02T20:15:13.190", "references": [{"url": "https://github.com/lukaszstu/SmartAsset-UE-CVE-2020-26526", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://smartasset.com/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://support.damstratechnology.com/hc/en-us/categories/900000115446-SmartAsset-Damstra-Asset-Management-Platform", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/lukaszstu/SmartAsset-UE-CVE-2020-26526", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://smartasset.com/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.damstratechnology.com/hc/en-us/categories/900000115446-SmartAsset-Damstra-Asset-Management-Platform", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid (\"Unable to find an APIDomain\" versus \"Wrong email or password\")."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Damstra Smart Asset versi\u00f3n 2020.7. Es posible enumerar nombres de usuario v\u00e1lidos en la p\u00e1gina de inicio de sesi\u00f3n. La aplicaci\u00f3n env\u00eda una respuesta de servidor diferente cuando el nombre de usuario no es v\u00e1lido que cuando el nombre de usuario es v\u00e1lido (\"Unable to find an APIDomain\" versus \"Wrong email or password\")"}], "lastModified": "2024-11-21T05:20:01.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:damstratechnology:smart_asset:2020.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB0C9567-ED1F-42EE-8ED5-87BD3A8B8E19"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}