5 matches found
CVE-2021-39189
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually...
CVE-2021-39189
creationtimestamp| type| source ---|---|--- 2021-09-15 18:22:19+00:00| seen| https://t.me/cibsecurity/28898...
CVE-2021-39189
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually...
CVE-2021-39189 Observable Response Discrepancy in Lost Password Service
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually...
CVE-2021-39189
Pimcore before version 10.1.3 is vulnerable to username enumeration through the forgot-password feature, enabling an attacker to infer valid usernames. The root cause is an observable response discrepancy in the lost-password flow. The issue is addressed in Pimcore 10.1.3; a patch can be applied ...