Alfresco

Reset Password

2 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
10

CVE-2020-15181

  • EPSS 0.23%
  • Published 18.09.2020 18:15:16
  • Last modified 21.11.2024 05:05:01

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The ...

8.8

CVE-2020-25728

Exploit
  • EPSS 0.35%
  • Published 17.09.2020 17:15:16
  • Last modified 21.11.2024 05:18:35

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.