Lucene search

MitreCVE-2019-7217

HistoryMay 13, 2019 - 7:29 p.m.

CVE-2019-7217

2019-05-1319:29:01

CWE-203

mitre

web.nvd.nist.gov

citrix

sharefile

user enumeration

authentication bypass

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Citrix ShareFile before 19.12 allows User Enumeration. It is possible to enumerate application username based on different server responses using the request to check the otp code. No authentication is required.

Affected configurations

Nvd

Node

citrixsharefileRange<19.12

VendorProductVersionCPE
citrixsharefile*cpe:2.3:a:citrix:sharefile:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
citrix	sharefile	*	cpe:2.3:a:citrix:sharefile::::::::

References

www.sk-it.com/en/cve.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.6

Confidence

High

EPSS

0.006

Percentile

78.3%

JSON

Related for CVE-2019-7217