CVE-2024-11084

Summary

Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists.

Affected Software

VendorProductVersion RangeStatus
PerforceHelix ALM0 < 2025.1affected

Weaknesses

  • CWE-203: CWE-203 Observable Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References