CVE-2024-0491

A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596.
Configurations

Configuration 1 (hide)

cpe:2.3:a:huaxiaerp:huaxia_erp:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:46

Type Values Removed Values Added
References () https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md - Broken Link () https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md - Broken Link
References () https://vuldb.com/?ctiid.250596 - Permissions Required, Third Party Advisory () https://vuldb.com/?ctiid.250596 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.250596 - Third Party Advisory () https://vuldb.com/?id.250596 - Third Party Advisory
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 5.3

22 Jan 2024, 19:26

Type Values Removed Values Added
CPE cpe:2.3:a:huaxiaerp:huaxia_erp:*:*:*:*:*:*:*:*
First Time Huaxiaerp huaxia Erp
Huaxiaerp
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
References () https://vuldb.com/?ctiid.250596 - () https://vuldb.com/?ctiid.250596 - Permissions Required, Third Party Advisory
References () https://vuldb.com/?id.250596 - () https://vuldb.com/?id.250596 - Third Party Advisory
References () https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md - () https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md - Broken Link

13 Jan 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-13 15:15

Updated : 2024-11-21 08:46


NVD link : CVE-2024-0491

Mitre link : CVE-2024-0491

CVE.ORG link : CVE-2024-0491


JSON object : View

Products Affected

huaxiaerp

  • huaxia_erp
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password