Vulnerabilities (CVE)

Filtered by CWE-204
Total 34 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33859 1 Ibm 1 Security Qradar Edr 2024-11-21 N/A 5.3 MEDIUM
IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697.
CVE-2023-32346 1 Teltonika 1 Remote Management System 2024-11-21 N/A 5.3 MEDIUM
Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System.
CVE-2023-27283 2024-11-21 N/A 5.3 MEDIUM
IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. IBM X-Force ID: 248545.
CVE-2022-41697 1 Ghost 1 Ghost 2024-11-21 N/A 5.3 MEDIUM
A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.
CVE-2022-31248 1 Suse 1 Manager Server 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1.
CVE-2022-22520 2 Helmholz, Mbconnectline 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more 2024-11-21 N/A 5.3 MEDIUM
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
CVE-2021-20556 2024-11-21 N/A 5.3 MEDIUM
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. IBM X-Force ID: 199181.
CVE-2022-20633 2024-11-18 N/A 5.3 MEDIUM
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in authentication responses that are sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to an affected device. A successful exploit could allow the attacker to confirm existing user accounts, which could be used in further attacks. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2023-49069 2024-11-12 N/A 5.3 MEDIUM
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.16 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.32 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.
CVE-2024-47129 1 Gotenna 1 Gotenna Pro 2024-10-17 N/A 4.3 MEDIUM
The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used.
CVE-2024-41715 1 Gotenna 1 Atak Plugin 2024-10-17 N/A 4.3 MEDIUM
The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used.
CVE-2024-8651 1 Netcat 1 Netcat Content Management System 2024-09-23 N/A 5.3 MEDIUM
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.
CVE-2024-34336 1 Ordat 1 Ordat.erp 2024-09-18 N/A 5.3 MEDIUM
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.
CVE-2024-42343 1 Loway 1 Queuemetrics 2024-09-11 N/A 7.5 HIGH
Loway - CWE-204: Observable Response Discrepancy