Vulnerabilities > CVE-2024-47059 - Unspecified vulnerability in Acquia Mautic 5.1.0

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

acquia

NVD

Published: 2024-09-18

Updated: 2025-02-27

Summary

When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak. However when an incorrect username is provided alongside with a weak password, the application responds with ’Invalid credentials’ notification. This difference could be used to perform username enumeration.

Vulnerable Configurations

Part	Description	Count
Application	Acquia Acquia Mautic 5.1.0	1

References

https://github.com/mautic/mautic/security/advisories/GHSA-8vff-35qm-qjvv