CVE-2022-24032

{"id": "CVE-2022-24032", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2022-01-30T01:15:07.587", "references": [{"url": "https://github.com/jdordonezn/CVE-2022-24032/issues/1", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/jdordonezn/CVE-2022-24032/issues/1", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can identify valid usernames on the platform because a failed login attempt produces a different error message when the username is valid."}, {"lang": "es", "value": "Adenza AxiomSL ControllerView versiones hasta 10.8.1, es vulnerable a la enumeraci\u00f3n de usuarios. Un atacante puede identificar nombres de usuario v\u00e1lidos en la plataforma porque un intento fallido de inicio de sesi\u00f3n produce un mensaje de error diferente cuando el nombre de usuario es v\u00e1lido"}], "lastModified": "2024-11-21T06:49:41.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adenza:axiomsl_controllerview:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FAD32F7-19F3-4D52-9ADE-E84D743515D8", "versionEndIncluding": "10.8.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}