Vulnerabilities > CVE-2023-49278 - Improper Restriction of Excessive Authentication Attempts vulnerability in Umbraco CMS

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
umbraco
CWE-307
NVD
Published: 2023-12-12
Updated: 2023-12-15

Summary

Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue.

Vulnerable Configurations

Part Description Count
Application
Umbraco
124

Common Weakness Enumeration (CWE)

References