[email protected]CVE-2010-1221

HistoryApr 07, 2010 - 3:30 p.m.

CVE-2010-1221

2010-04-0715:30:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2010-1221

ca xosoft

authentication

vulnerability

nvd

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.0%

JSON

CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request.

CPENameOperatorVersion
ca:xosoft_replicationca xosoft replicationeqr12.5
ca:xosoft_high_availabilityca xosoft high availabilityeqr12.5
ca:xosoft_content_distributionca xosoft content distributioneqr12.0
ca:xosoft_high_availabilityca xosoft high availabilityeqr12.0
ca:xosoft_replicationca xosoft replicationeqr12.0
ca:xosoft_content_distributionca xosoft content distributioneqr12.5

CPE	Name	Operator	Version
ca:xosoft_replication	ca xosoft replication	eq	r12.5
ca:xosoft_high_availability	ca xosoft high availability	eq	r12.5
ca:xosoft_content_distribution	ca xosoft content distribution	eq	r12.0
ca:xosoft_high_availability	ca xosoft high availability	eq	r12.0
ca:xosoft_replication	ca xosoft replication	eq	r12.0
ca:xosoft_content_distribution	ca xosoft content distribution	eq	r12.5

References

www.securityfocus.com/archive/1/510564/100/0/threaded

www.securityfocus.com/bid/39244

support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

72.0%

JSON

Related for CVE-2010-1221

nessus2 prion1 securityvulns2