CVE-2004-1697

medium

Description

The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17464

http://www.securityfocus.com/bid/11229

http://secunia.com/advisories/12620

http://marc.info/?l=bugtraq&m=109579952809320&w=2

Details

Source: Mitre, NVD

Published: 2004-09-21

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00741