CVE-2022-24032 - OpenCVE

Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can identify valid usernames on the platform because a failed login attempt produces a different error message when the username is valid.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Adenza	Axiomsl Controllerview

Configuration 1 [-]

cpe:2.3:a:adenza:axiomsl_controllerview:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/jdordonezn/CVE-2022-24032/issues/1	Exploit Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-30T00:59:35

Updated: 2022-01-30T00:59:35

Reserved: 2022-01-26T00:00:00

Link: CVE-2022-24032

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-30T01:15:07.587

Modified: 2023-08-08T14:22:24.967

Link: CVE-2022-24032

JSON object: View

Redhat Information

No data.

CWE

CWE-203

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adenza:axiomsl_controllerview:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FAD32F7-19F3-4D52-9ADE-E84D743515D8", "versionEndIncluding": "10.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can identify valid usernames on the platform because a failed login attempt produces a different error message when the username is valid."}, {"lang": "es", "value": "Adenza AxiomSL ControllerView versiones hasta 10.8.1, es vulnerable a la enumeraci\u00f3n de usuarios. Un atacante puede identificar nombres de usuario v\u00e1lidos en la plataforma porque un intento fallido de inicio de sesi\u00f3n produce un mensaje de error diferente cuando el nombre de usuario es v\u00e1lido"}], "id": "CVE-2022-24032", "lastModified": "2023-08-08T14:22:24.967", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-30T01:15:07.587", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/jdordonezn/CVE-2022-24032/issues/1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-203"}], "source": "nvd@nist.gov", "type": "Primary"}]}