CVE-2024-2482 Surya2Developer Hostel Management Service HTTP POST Request check_availability.php observable response discrepancy
A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /checkavailability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword lea...
IBM Common Licensing User Enumeration Vulnerability
IBM Common Licensing is a license management solution from International Business Machines (IBM). A user enumeration vulnerability exists in IBM Common Licensing version 9.0, which stems from an observable response discrepancy that can be exploited by a local attacker to enumerate usernames...
BIT-MAGENTO-2020-9588
Magento versions 2.3.4 and earlier, 2.2.11 and earlier see note, 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass...
BIT-MAGENTO-2020-9690
Magento versions 2.3.5 and earlier, and 2.3.5 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass...
BIT-JENKINS-2022-34174
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...
Design/Logic Flaw
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814...
CVE-2022-45177
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...
Design/Logic Flaw
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...
CVE-2022-45177
LIVEBOX Collaboration vDesk (through v031) is affected. A vulnerability described as an Observable Response Discrepancy occurs on /api/v1/vdeskintegration/user/isenableuser, /api/v1/sharedsearch?search={NAME}+{SURNAME}, and /login, where the web app reveals internal state information to unauthori...
Observable Discrepancy
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Observable Discrepancy via the authentication process. An attacker can obtain information about the existence of user accounts by analyzing differences in response...
CVE-2023-50306
IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337...
CVE-2023-50306 IBM Common Licensing information disclosure
IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337...
PT-2024-13895 · Ibm · Ibm Common Licensing
Name of the Vulnerable Software and Affected Versions: IBM Common Licensing version 9.0 Description: The issue allows a local user to enumerate usernames due to an observable response discrepancy. Recommendations: For IBM Common Licensing version 9.0, at the moment, there is no information about ...
Observable Discrepancy
Liferay Portal is vulnerable to Observable Discrepancy. The vulnerability is due to the handling of different responses based on site existence or user permissions. An attacker can discover the existence of sites by enumerating URLs...
Observable Discrepancy
Overview Affected versions of this package are vulnerable to Observable Discrepancy due to the implementation of the SP Math All RSA when built with specific configuration options. An attacker can decrypt ciphertexts and forge signatures after probing with a large number of test observations...
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...