CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-26526

An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid ("Unable to find an APIDomain" versus "Wrong email or password").

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.7%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://github.com/lukaszstu/SmartAsset-UE-CVE-2020-26526
https://smartasset.com/
https://support.damstratechnology.com/hc/en-us/categories/900000115446-SmartAsset-Damstra-Asset-Management-Platform
https://github.com/lukaszstu/SmartAsset-UE-CVE-2020-26526
https://smartasset.com/
https://support.damstratechnology.com/hc/en-us/categories/900000115446-SmartAsset-Damstra-Asset-Management-Platform

Products affected by CVE-2020-26526

Damstratechnology » Smart Asset » Version: 2020.7

cpe:2.3:a:damstratechnology:smart_asset:2020.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-26526

Products

Pricing

Contact Us