CVE-2010-1221

2010-04-07T15:30:00
ID CVE-2010-1221
Type cve
Reporter cve@mitre.org
Modified 2018-10-10T19:56:00

Description

CA XOsoft r12.0 and r12.5 does not properly perform authentication, which allows remote attackers to enumerate usernames via a SOAP request. Per: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=232869

'The first vulnerability, CVE-2010-1221, occurs due to a lack of authentication. An attacker can make a SOAP request to enumerate user names. This vulnerability has a low risk rating and affects r12.0 and r12.5 XOsoft products.'