222 matches found
CVE-2024-13198
A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...
CVE-2023-26071
An issue was discovered in MCUBO ICT through 10.12.4 aka 6.0.2. An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. Th...
CVE-2023-27464
A vulnerability has been identified in Mendix Forgot Password Mendix 7 compatible All versions V3.7.1, Mendix Forgot Password Mendix 8 compatible All versions V4.1.1, Mendix Forgot Password Mendix 9 compatible All versions V5.1.1. The affected versions of the module contain an observable response...
CVE-2023-1540
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-38362
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. IBM X-Force ID: 260814...
CVE-2022-45177
An issue was discovered in LIVEBOX Collaboration vDesk through v031. An Observable Response Discrepancy can occur under the /api/v1/vdeskintegration/user/isenableuser endpoint, the /api/v1/sharedsearch?search=NAME+SURNAME endpoint, and the /login endpoint. The web application provides different...
CVE-2020-26526
An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid "Unable to find an APIDomain" versus "Wrong email or password"...
CVE-2025-3939
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: befo...
CVE-2025-3939
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: befo...
CVE-2025-3939
CVE-2025-3939 describes an observable response discrepancy in Tridium Niagara Framework and Tridium Niagara Enterprise Security that could enable cryptanalysis. Affected software and versions include Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: bef...
CVE-2025-3939 Observable Response Discrepancy
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: befo...
CVE-2025-3939 Observable Response Discrepancy
Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: befo...
CVE-2024-51477
IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy...
CVE-2025-1101
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...
CVE-2025-1101
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...
CVE-2025-1101
CVE-2025-1101 affects Q-Free MaxTime <= 2.11.0. A CWE-204 vulnerability in the login page allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests. The issue is triggered by an observable response discrepancy in the authentication flow, enabling user enu...
CVE-2025-1101
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...
CVE-2023-37413
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy...
CVE-2023-37413
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy...
CVE-2023-37413
IBM Aspera Faspex ≤ 5.0.10 is affected by an information-disclosure vulnerability (CVE-2023-37413) caused by an observable response discrepancy that could reveal sensitive username information. Affected product/versions: IBM Aspera Faspex 5.0.0 through 5.0.10. Remediation: upgrade to IBM Aspera F...