CVE-2018-12649
CVE-2018-12649 affects MISP 2.4.92 in app/Controller/UsersController.php, where brute-force protection for login only covers POST requests. An adversary can bypass protection by using PUT for login, enabling potential brute-force attempts. The recorded metrics show CVSS v3 base score 9.8 (CRITICA...