CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-15181

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0400%
EPSS Percentile37.09th
Published2020年9月18日
Last Modified2024年11月21日

Vulnerability Description

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0

Affected Platforms (CPE)

📦
Alfresco

Reset Password

< 1.2.0

References & Advisories

🔗 https://github.com/FlexSolution/AlfrescoResetPassword/commit/5927b9651356c4cd952cb9b485292583d305b47c
🔗 https://github.com/FlexSolution/AlfrescoResetPassword/security/advisories/GHSA-xrc8-fjp4-h4fv
🔗 https://github.com/FlexSolution/AlfrescoResetPassword/commit/5927b9651356c4cd952cb9b485292583d305b47c
🔗 https://github.com/FlexSolution/AlfrescoResetPassword/security/advisories/GHSA-xrc8-fjp4-h4fv

相關漏洞威脅

CVE-2000-089410.0

HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets ...

CVE-2003-049410.0

password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by v...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.

CVE-2004-176910.0

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows rem...