Lucene search

Veracode Vulnerability DatabaseVERACODE:44069

HistoryOct 31, 2023 - 6:53 a.m.

Unverified Password Change

2023-10-3106:53:52

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

pimcore

vulnerability

password change

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

24.2%

JSON

pimcore/admin-ui-classic-bundle is vulnerable to Unverified Password Change. The vulnerability allows an attacker to change the password of any user to their old password on a vulnerable system without knowing the user’s current password.

References

github.com/pimcore/admin-ui-classic-bundle/commit/498ac77e54541177be27b0c710e387c47b3836ea

github.com/pimcore/admin-ui-classic-bundle/pull/285

huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021

huntr.com/bounties/b031199d-192a-46e5-8c02-f7284ad74021/

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

24.2%

JSON

Related for VERACODE:44069