La Sostenibilità per TIM

Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci

Facebook Twitter Linkedin Copia Link

tag

CVE-2023-26071

CVE-2023-26071 – HarpaItalia Mcubo ICT

Vulnerability Description: Observable Response Discrepancy - CWE-204

Software Version: 10.12.4 6.0.2

NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-26071

CVSv3: 7.5

Severity: High

Credits: Marco Ventura, Massimiliano Brolli

An issue was discovered in MCUBO ICT through v.10.12.4 – 6.0.2. An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. That allow an unauthorized actor to perform User Enumeration attacks.