CVE-2017-14772

{"id": "CVE-2017-14772", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2017-10-03T01:29:02.623", "references": [{"url": "http://www.securityfocus.com/bid/101069", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://lp.skyboxsecurity.com/rs/440-MPQ-510/images/Skybox_Product_Security_Advisory_9_28_17.pdf", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Skybox Manager Client Application is prone to information disclosure via a username enumeration attack. A local unauthenticated attacker could exploit the flaw to obtain valid usernames, by analyzing error messages upon valid and invalid account login attempts."}, {"lang": "es", "value": "Skybox Manager Client Application es propenso a la divulgaci\u00f3n de informaci\u00f3n mediante un ataque de enumeraci\u00f3n de nombres de usuario. Un atacante local sin autorizaci\u00f3n podr\u00eda explotar esta vulnerabilidad para obtener nombres de usuario v\u00e1lidos analizando mensajes de error a ra\u00edz de intentos de inicio de sesi\u00f3n v\u00e1lidos e inv\u00e1lidos."}], "lastModified": "2017-10-11T17:23:30.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:skyboxsecurity:skybox_manager_client_application:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F2D4A7CE-677E-4692-B284-9A9DB468C5C4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}