How severe is CVE-2023-39960?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-39960?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2023-39960 - HIGH Severity | CVSS 7.5

Vulnerability Description

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available.

Related Vulnerabilities

CVE-1999-1152

HIGH

CVSS:7.5(High)

Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force att...

CWE-3071999

CVE-2002-0628

HIGH

CVSS:7.5(High)

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute f...

CWE-3072002

CVE-2013-1895

HIGH

CVSS:7.5(High)

The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the pa...

CWE-3072013

CVE-2013-2257

HIGH

CVSS:7.5(High)

Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness

CWE-3072013

CVE-2015-20110

HIGH

CVSS:7.5(High)

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by bru...

CWE-3072015

CVE-2017-14423

HIGH

CVSS:7.5(High)

htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remo...

CWE-3072017