6.5 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
74.8%
Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information.
secunia.com/advisories/31503
sourceforge.net/project/shownotes.php?release_id=619864
sourceforge.net/tracker/index.php?func=detail&aid=2040324&group_id=82171&atid=1098812
www.securityfocus.com/bid/30706
exchange.xforce.ibmcloud.com/vulnerabilities/44485