CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.opencrx:opencrx-client | maven | < 5.2.2 | 5.2.2 |
The vulnerability is in the password reset flow: the handler returns a different response depending on whether the submitted account exists, so anyone who can reach the reset page can confirm which account identifiers are valid by submitting candidates and comparing the replies (account enumeration). The primary vulnerable function is the request() handler in RequestPasswordResetServlet, which generates the distinct messages; the account lookup function (AccountQuery) supplies the existence check those messages depend on. These are the functions an attacker exercises when probing for valid accounts; no error or stack trace is needed, because the discrepancy is in the normal response. The JSP endpoint named in advisories typically maps to such a servlet handler in Java EE deployments.
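The pattern described above, as an added example that is not openCRX's own code: a reset handler whose status and message differ by branch, the same handler hardened to answer uniformly, and the comparison a tester or attacker runs to detect the leak. The account set, the handler names, the message texts and the outbox are all constructed for the example.

```python
import secrets

# Constructed account directory; stands in for the AccountQuery lookup.
ACCOUNTS = {"alice@example.com", "bob@example.com"}

# Constructed sink capturing what would have been e-mailed.
OUTBOX = []

# Single message the hardened handler returns for every input.
NEUTRAL = "If an account exists for that address, reset instructions have been sent."


def account_exists(email: str) -> bool:
    """Existence check, the role AccountQuery plays in the advisory."""
    return email in ACCOUNTS


def send_mail(email: str, token: str) -> None:
    OUTBOX.append((email, token))


def reset_vulnerable(email: str) -> tuple[int, str]:
    """Flawed request() handler: status code and body differ by branch."""
    if not account_exists(email):
        return 404, f"No account found for {email}"
    token = secrets.token_urlsafe(32)
    send_mail(email, token)
    return 200, f"Reset instructions sent to {email}"


def reset_hardened(email: str) -> tuple[int, str]:
    """Same status and body on both paths. The token is generated either way so
    both paths do comparable work; the e-mail is the only difference, and it
    goes to the account owner, not to the requester."""
    token = secrets.token_urlsafe(32)
    if account_exists(email):
        send_mail(email, token)
    return 200, NEUTRAL


def _normalize(resp: tuple[int, str], email: str) -> tuple[int, str]:
    """Strip the echoed address so only a genuine discrepancy remains."""
    status, body = resp
    return status, body.replace(email, "<addr>")


def enumerate_accounts(handler, candidates: list[str]) -> list[str]:
    """Detection check: compare each candidate's response with the response
    for an address that certainly does not exist; any difference reveals
    that the candidate is a real account."""
    probe = f"{secrets.token_hex(8)}@nonexistent.invalid"
    baseline = _normalize(handler(probe), probe)
    return [c for c in candidates if _normalize(handler(c), c) != baseline]


if __name__ == "__main__":
    names = ["alice@example.com", "carol@example.com", "bob@example.com"]
    print("vulnerable handler reveals:", enumerate_accounts(reset_vulnerable, names))
    print("hardened handler reveals:  ", enumerate_accounts(reset_hardened, names))
```

The uniform response removes the oracle in the response body and status code; it does not by itself remove a timing oracle (hence generating the token on both paths) or a volume oracle, so the endpoint should also be rate limited per source and per target address.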