{"vulnerability": "CVE-2022-23342", "sightings": [{"uuid": "e59e53a0-ada7-44c6-b8f7-eb5cdcbafb70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23342", "type": "seen", "source": "https://t.me/cibsecurity/44894", "content": "\u203c CVE-2022-23342 \u203c\n\nThe Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-21T18:27:39.000000Z"}]}