CVE-2009-1769

{"id": "CVE-2009-1769", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-05-22T18:30:00.313", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529344", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35157", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35313", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ocsinventory-ng.org/index.php?mact=News%2Ccntnt01%2Cdetail%2C0&cntnt01articleid=133&cntnt01returnid=69", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35023", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00050.html", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00057.html", "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00063.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The web interface in Open Computer and Software Inventory Next Generation (OCS Inventory NG) 1.01 generates different error messages depending on whether a username is valid, which allows remote attackers to enumerate valid usernames."}, {"lang": "es", "value": "La interfaz web en Open Computer and Software Inventory Next Generation (OCS Inventory NG) versi\u00f3n 1.01 genera diferentes mensajes de error dependiendo de si un nombre de usuario es v\u00e1lido, lo que permite a los atacantes remotos enumerar nombres de usuarios v\u00e1lidos."}], "lastModified": "2023-11-07T02:03:59.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ocsinventory-ng:ocs_inventory_ng:1.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D9ACDD1-0586-47F1-9421-F4D176BF438E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}