Skip to main content

Reset Password

3 CVEs product

Monthly

CVE-2020-15181 CRITICAL PATCH Act Now

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Reset Password
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-25728 HIGH POC This Week

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Reset Password
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2020-25727 HIGH POC This Week

The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Reset Password
NVD
CVSS 3.1
7.5
EPSS
0.9%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Reset Password
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Reset Password
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Reset Password
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy