
ABB Cylon Aspect 3.08.01 (jsonProxy.php) Username Enumeration

The jsonProxy.php endpoint on the ABB BMS/BAS controller is vulnerable to username enumeration. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Because jsonProxy.php proxies requests to internal services without requiring authentication, attackers can learn which usernames are valid without holding any credentials.

Zero Science Lab
#js #php #auth
