Vulnerability Details CVE-2021-44848
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.472
EPSS Ranking 97.6%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/165327/Cibele-Thinfinity-VirtualUI-2.5.41.0-User-Enumeration.html
- https://github.com/cybelesoft/virtualui/issues/1
- http://packetstormsecurity.com/files/165327/Cibele-Thinfinity-VirtualUI-2.5.41.0-User-Enumeration.html
- https://github.com/cybelesoft/virtualui/issues/1
Products affected by CVE-2021-44848
-
cpe:2.3:a:cybelesoft:thinfinity_virtualui:2.0
-
cpe:2.3:a:cybelesoft:thinfinity_virtualui:2.1.28.0
-
cpe:2.3:a:cybelesoft:thinfinity_virtualui:2.1.32.1
-
cpe:2.3:a:cybelesoft:thinfinity_virtualui:2.5
-
cpe:2.3:a:cybelesoft:thinfinity_virtualui:2.5.17.2
-
cpe:2.3:a:cybelesoft:thinfinity_virtualui:2.5.26.2
-
cpe:2.3:a:cybelesoft:thinfinity_virtualui:2.5.41.0