CVE-2019-1084824.05.2019, 17:29Computrols CBAS 18.0.0 allows Username Enumeration.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST5.3 MEDIUMNETWORKLOWNONECVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NmitreCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 86%VendorProductVersioncomputrolscomputrols_building_automation_software𝑥≤ 19.0.0𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-203 - Observable DiscrepancyThe product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.Referenceshttp://packetstormsecurity.com/files/155266/Computrols-CBAS-Web-19.0.0-Username-Enumeration.htmlhttps://applied-risk.com/index.php/download_file/view/196/165https://applied-risk.com/labs/advisorieshttp://packetstormsecurity.com/files/155266/Computrols-CBAS-Web-19.0.0-Username-Enumeration.htmlhttps://applied-risk.com/index.php/download_file/view/196/165https://applied-risk.com/labs/advisories