CyberSec.Space Logo
Back to CVE Browser

CVE-2020-15181

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile37.09th
PublishedSep 18, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0

Affected Platforms (CPE)

πŸ“¦
Alfresco

Reset Password

< 1.2.0

References & Advisories

πŸ”— https://github.com/FlexSolution/AlfrescoResetPassword/commit/5927b9651356c4cd952cb9b485292583d305b47c
πŸ”— https://github.com/FlexSolution/AlfrescoResetPassword/security/advisories/GHSA-xrc8-fjp4-h4fv
πŸ”— https://github.com/FlexSolution/AlfrescoResetPassword/commit/5927b9651356c4cd952cb9b485292583d305b47c
πŸ”— https://github.com/FlexSolution/AlfrescoResetPassword/security/advisories/GHSA-xrc8-fjp4-h4fv

Related Vulnerabilities

CVE-2000-089410.0

HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets ...

CVE-2003-049410.0

password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by v...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2004-176910.0

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows rem...