CVE-2018-14597

{"id": "CVE-2018-14597", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2018-10-17T21:49:52.897", "references": [{"url": "http://www.securityfocus.com/bid/105688", "tags": ["Third Party Advisory", "VDB Entry"], "source": "vuln@ca.com"}, {"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20181017-01-security-notice-for-ca-identity-governance.html", "tags": ["Patch", "Vendor Advisory"], "source": "vuln@ca.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "vuln@ca.com", "description": [{"lang": "en", "value": "CWE-203"}]}], "descriptions": [{"lang": "en", "value": "CA Technologies Identity Governance 12.6, 14.0, 14.1, and 14.2 and CA Identity Suite Virtual Appliance 14.0, 14.1, and 14.2 provide telling error messages that may allow remote attackers to enumerate account names."}, {"lang": "es", "value": "CA Technologies Identity Governance 12.6, 14.0, 14.1 y 14.2; y CA Identity Suite Virtual Appliance 14.0, 14.1 y 14.2 son vulnerables a una enumeraci\u00f3n de usuarios."}], "lastModified": "2019-10-09T23:35:01.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:ca_identity_governance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "490A1121-1717-4CB5-A125-86AB9FA73FA1", "versionEndIncluding": "14.2", "versionStartIncluding": "14.0"}, {"criteria": "cpe:2.3:a:broadcom:ca_identity_governance:12.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33287A1F-869F-445C-A339-163C6A2F4C3E"}, {"criteria": "cpe:2.3:a:broadcom:ca_identity_suite_virtual_appliance:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB251742-28E6-4A2C-A379-1460EB09BBD7", "versionEndIncluding": "14.2", "versionStartIncluding": "14.0"}], "operator": "OR"}]}], "sourceIdentifier": "vuln@ca.com"}