216.73.216.133

CVE-2024-34336

· Published 12/09/2024 19:15 · Modified 18/09/2024 20:32

Labels: CVE-2024-34336 2024-09-12CVE-2024-34336CWE-203CWE-204[email protected]

Essential information

Published
12/09/2024 19:15
Modified
18/09/2024 20:32
Author
Creator
CVSS
5.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS metrics

Description

User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ordat / ordat.erp cpe:2.3:a:ordat:ordat.erp:*:*:*:*:*:*:*:*

References