Kurmi Software

Unified Communication - Automate & Simplify the management

CVE-2024-54454:

Description

  • An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15.
  • An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page allows remote attackers to test whether a username is valid or not. This allows confirmation of valid usernames.

Vulnerability Type

  • CWE-204: Observable Response Discrepancy