logo

Database

Automatic information enumeration

Description

It is possible to automatically enumerate system information such as open ports, available services and users personal data.

Impact

- Obtain information from internal users. - Obtain account information from partners and suppliers.

Recommendation

Filter the information that is received through the ports avoiding the detection of services.

Threat

Anonymous attacker from the Internet.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

237 - Ascertain human interaction266 - Disable insecure functionalities327 - Set a rate limit

Fixes

AwsCsharpGoJavaPythonRubyScalaTypescript

Score

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

Attack vector

N

Attack complexity

L

Attack requirements

N

Privileges required

L

User interaction

N

Confidentiality (VC)

L

Integrity (VI)

N

Availability (VA)

N

Confidentiality (SC)

L

Integrity (SI)

L

Availability (SA)

L

Threat 4.0

Exploit maturity

X

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L