#VU14559 Brute-force attack in Fiserv web platform
Published: August 29, 2018
Vulnerability identifier: #VU14559
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Fiserv web platform
Fiserv web platform
Software vendor:
Fiserv
Fiserv
Description
The vulnerability allows a remote attacker to conduct brute-force attack on the target system.
The vulnerability exists due to use of a specific “event number" in the operation alerts. A remote attacker can conduct brute-force attack, gain access to the victims' data and potentially modify or delete important information, as phone numbers and email addresses.
Remediation
Cybersecurity Help is currently unaware of any solutions addressing the vulnerability.