CVE-2020-27740
published 2020-10-28CVE-2020-27740: Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a…
PriorityP429medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
1.28%
66.3th percentile
Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| citadel | webcit | <= 926 | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8mh6-v49g-9mfp: Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform
ghsa_unreviewed·2022-05-24
CVE-2020-27740 [MEDIUM] GHSA-8mh6-v49g-9mfp: Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform
Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
OSV
CVE-2020-27740: Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform
osv·2020-10-28·CVSS 5.3
CVE-2020-27740 [MEDIUM] CVE-2020-27740: Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform
Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-10-28
Published