Description
Lack of Rate Limiting in Sign-up workflow in Perforce Gliffy prior to version 4.14.0-7 on Gliffy online allows attacker to enumerate valid user emails and potentially DOS the server
References (1)
Core 1
Core References
Various Sources
https://portal.perforce.com/s/detail/a91PA000001ScY1YAK
Scores
CVSS v4
6.9
EPSS
0.0034
EPSS Percentile
25.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
CWE-307
Status
published
Products (1)
Perforce/Gliffy
< 4.14.0-7
Published
Mar 05, 2025
Tracked Since
Feb 18, 2026