Lucene search

INCIBEVULNRICHMENT:CVE-2023-4095

HistorySep 19, 2023 - 1:22 p.m.

CVE-2023-4095 User enumeration vulnerability in Fujitsu Arconte Áurea

2023-09-1913:22:30

CWE-204

INCIBE

github.com

cve-2023-4095

fujitsu

arconte áurea

user enumeration

vulnerability

exploitation

registered users

application security

attack platform

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform.

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fujitsu-arconte-aurea

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-4095