CVSS 3.1 Score 3.7 of 10 (low)


Published Mar 20, 2024
Updated: Mar 21, 2024
CWE ID 204


CVE-2024-28868 is a vulnerability affecting Umbraco, an ASP.NET content management system. Specifically, Umbraco 10 prior to version 10.8.4 with access to the native login screen is susceptible to a potential user enumeration attack. To address this issue, the developers released a fix in version 10.8.5. As a temporary workaround, users can disable the native login screen and exclusively use external logins. The vulnerability poses a low risk with a base severity of 3.7 according to the CVSS score, indicating a potential for low confidentiality impact but no integrity or availability impact.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-28868 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options