Helix ALM Username Enumeration Vulnerability

Vulnerability

Helix ALM versions prior to 2025.1 are vulnerable to username enumeration. The application returns distinct error messages during authentication, which lets an attacker determine whether a given username exists.
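The pattern described above, shown as an added example that is not Helix ALM code: a login handler whose failure messages differ by cause, next to a hardened handler that returns one generic failure and does the same hashing work whether or not the account exists. The advisory does not publish the product's messages or implementation, so every function name, message string and the user store below are constructed for illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_record(password):
    salt = os.urandom(16)
    return salt, _hash(password, salt)

# Constructed sample user store (username -> salt, hash); not Helix ALM data.
USERS = {"alice": _make_record("correct horse"), "bob": _make_record("battery staple")}

# Throwaway record so a lookup miss still pays for one full hash computation.
_DUMMY = _make_record(os.urandom(16).hex())

GENERIC_FAILURE = (401, "Invalid username or password.")

def login_distinct(username, password):
    """Enumerable: the failure message reveals whether the account exists."""
    record = USERS.get(username)
    if record is None:
        return 401, "Unknown user."
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 401, "Incorrect password."
    return 200, "OK"

def login_uniform(username, password):
    """Hardened: identical status, body and hashing work for every failure."""
    record = USERS.get(username)
    salt, stored = record if record is not None else _DUMMY
    matches = hmac.compare_digest(_hash(password, salt), stored)
    if record is not None and matches:
        return 200, "OK"
    return GENERIC_FAILURE

def leaks_existence(login, known_user, absent_user, wrong_password="x"):
    """Regression check: do failures differ for a real vs. a missing account?"""
    return login(known_user, wrong_password) != login(absent_user, wrong_password)

if __name__ == "__main__":
    print("distinct handler leaks:", leaks_existence(login_distinct, "alice", "mallory"))
    print("uniform handler leaks: ", leaks_existence(login_uniform, "alice", "mallory"))
```

The same comparison belongs on other account flows that look up a username, such as password reset and registration, since a uniform login response alone does not close the oracle if those flows still answer differently.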

Impact

Exploitation lets an attacker confirm which usernames are valid, which can facilitate further attacks such as password guessing or phishing.

Remediation

Users can upgrade to Helix ALM version 2025.1 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.1
impact: 0.6
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.