Vulnerabilities > CVE-2020-35614 - Unspecified vulnerability in Joomla Joomla!

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

joomla

NVD

Published: 2020-12-28

Updated: 2021-07-21

Summary

An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page.

Vulnerable Configurations

Part	Description	Count
Application	Joomla Joomla Joomla! 3.9.0 Joomla Joomla! 3.9.1 Joomla Joomla! 3.9.2 Joomla Joomla! 3.9.3 Joomla Joomla! 3.9.4 Joomla Joomla! 3.9.5 Joomla Joomla! 3.9.6 Joomla Joomla! 3.9.7 Joomla Joomla! 3.9.8 Joomla Joomla! 3.9.9 Joomla Joomla! 3.9.10 Joomla Joomla! 3.9.11 Joomla Joomla! 3.9.12 Joomla Joomla! 3.9.13 Joomla Joomla! 3.9.14 Joomla Joomla! 3.9.15 Joomla Joomla! 3.9.16 Joomla Joomla! 3.9.17 Joomla Joomla! 3.9.19 Joomla Joomla! 3.9.20 Joomla Joomla! 3.9.21 Joomla Joomla! 3.9.22	40

References

https://developer.joomla.org/security-centre/832-20201105-core-user-enumeration-in-backend-login.html