CVE-2025-1714 - Vulnerability Details - OpenCVE

Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://portal.perforce.com/s/detail/a91PA000001ScY1YAK

History

Fri, 07 Mar 2025 05:45:00 +0000

Type	Values Removed	Values Added
References	https://perforce1.lightning.force.com/lightning/r/a91PA000001ScY1YAK/view

Fri, 07 Mar 2025 04:45:00 +0000

Type	Values Removed	Values Added
Title		Username Enumeration in Gliffy
References		https://portal.perforce.com/s/detail/a91PA000001ScY1YAK

Wed, 05 Mar 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 05 Mar 2025 15:00:00 +0000

Type	Values Removed	Values Added
Description		Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server
Weaknesses		CWE-200 CWE-307
References		https://perforce1.lightning.force.com/lightning/r/a91PA000001ScY1YAK/view
Metrics		cvssV4_0 `{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: Perforce

Published: 2025-03-05T14:56:53.962Z

Updated: 2025-03-07T04:37:18.431Z

Reserved: 2025-02-26T10:48:12.335Z

Link: CVE-2025-1714

Vulnrichment

Updated: 2025-03-05T16:20:17.562Z

NVD

Status : Received

Published: 2025-03-05T15:15:15.413

Modified: 2025-03-07T05:15:16.233

Link: CVE-2025-1714

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1714", "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "state": "PUBLISHED", "assignerShortName": "Perforce", "dateReserved": "2025-02-26T10:48:12.335Z", "datePublished": "2025-03-05T14:56:53.962Z", "dateUpdated": "2025-03-07T04:37:18.431Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Gliffy", "vendor": "Perforce", "versions": [{"lessThan": "4.14.0-7", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version <span style=\"background-color: rgb(255, 255, 255);\">4.14.0-7</span> on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server"}], "value": "Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7\u00a0on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server"}], "impacts": [{"capecId": "CAPEC-169", "descriptions": [{"lang": "en", "value": "CAPEC-169 Footprinting"}]}, {"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}, {"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575 Account Footprinting"}]}, {"capecId": "CAPEC-290", "descriptions": [{"lang": "en", "value": "CAPEC-290 Enumerate Mail Exchange (MX) Records"}]}, {"capecId": "CAPEC-2", "descriptions": [{"lang": "en", "value": "CAPEC-2 Inducing Account Lockout"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "Perforce", "dateUpdated": "2025-03-07T04:37:18.431Z"}, "references": [{"url": "https://portal.perforce.com/s/detail/a91PA000001ScY1YAK"}], "source": {"discovery": "UNKNOWN"}, "title": "Username Enumeration in Gliffy", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-05T16:19:46.916522Z", "id": "CVE-2025-1714", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-05T16:20:21.639Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1714", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-05T16:19:46.916522Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-05T16:20:17.562Z"}}], "cna": {"title": "Username Enumeration in Gliffy", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-169", "descriptions": [{"lang": "en", "value": "CAPEC-169 Footprinting"}]}, {"capecId": "CAPEC-469", "descriptions": [{"lang": "en", "value": "CAPEC-469 HTTP DoS"}]}, {"capecId": "CAPEC-575", "descriptions": [{"lang": "en", "value": "CAPEC-575 Account Footprinting"}]}, {"capecId": "CAPEC-290", "descriptions": [{"lang": "en", "value": "CAPEC-290 Enumerate Mail Exchange (MX) Records"}]}, {"capecId": "CAPEC-2", "descriptions": [{"lang": "en", "value": "CAPEC-2 Inducing Account Lockout"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Perforce", "product": "Gliffy", "versions": [{"status": "affected", "version": "0", "lessThan": "4.14.0-7", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://portal.perforce.com/s/detail/a91PA000001ScY1YAK"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7\u00a0on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server", "supportingMedia": [{"type": "text/html", "value": "Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version <span style=\"background-color: rgb(255, 255, 255);\">4.14.0-7</span> on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-307", "description": "CWE-307 Improper Restriction of Excessive Authentication Attempts"}]}], "providerMetadata": {"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "Perforce", "dateUpdated": "2025-03-07T04:37:18.431Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1714", "state": "PUBLISHED", "dateUpdated": "2025-03-07T04:37:18.431Z", "dateReserved": "2025-02-26T10:48:12.335Z", "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "datePublished": "2025-03-05T14:56:53.962Z", "assignerShortName": "Perforce"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7\u00a0on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server"}, {"lang": "es", "value": "La falta de limitaci\u00f3n de velocidad en el flujo de trabajo de registro en Perforce Gliffy anterior a la versi\u00f3n 4.14.0-7 en Gliffy en l\u00ednea permite al atacante enumerar correos electr\u00f3nicos de usuarios v\u00e1lidos y potencialmente atacar el servidor"}], "id": "CVE-2025-1714", "lastModified": "2025-03-07T05:15:16.233", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security@puppet.com", "type": "Secondary"}]}, "published": "2025-03-05T15:15:15.413", "references": [{"source": "security@puppet.com", "url": "https://portal.perforce.com/s/detail/a91PA000001ScY1YAK"}], "sourceIdentifier": "security@puppet.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-307"}], "source": "security@puppet.com", "type": "Secondary"}]}