CVE-2018-1154

EUVD-2018-11792
In SecurityCenter versions prior to 5.7.0, a username enumeration issue could allow an unauthenticated attacker to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
ADJACENT_NETWORK
LOW
NONE
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
tenablesecuritycenter
𝑥
< 5.7.0
𝑥
= Vulnerable software versions
References
http://www.securitytracker.com/id/1041431
https://www.tenable.com/security/tns-2018-11
http://www.securitytracker.com/id/1041431
https://www.tenable.com/security/tns-2018-11