CVE-2016-9499

{"id": "CVE-2016-9499", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-07-13T20:29:02.003", "references": [{"url": "https://www.kb.cert.org/vuls/id/745607", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "https://www.qualys.com/2016/12/06/qsa-2016-12-06/qsa-2016-12-06.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://www.securityfocus.com/bid/96154", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "cret@cert.org", "description": [{"lang": "en", "value": "CWE-204"}]}], "descriptions": [{"lang": "en", "value": "Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them."}, {"lang": "es", "value": "El servidor Accellion FTP en versiones anteriores a FTA_9_12_220 solo devuelve el nombre de usuario en la respuesta del servidor si el nombre de usuario no es v\u00e1lido. Un atacante podr\u00eda usar esta informaci\u00f3n para determinar cuentas de usuario v\u00e1lidas y enumerarlas."}], "lastModified": "2019-10-09T23:20:33.133", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:accellion:ftp_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B564FFD4-6A90-4FD2-A160-9B3422B262CC", "versionEndExcluding": "fta_9_12_220"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}