CVE-2024-36042

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
Configurations

No configuration.

History

21 Nov 2024, 09:21

Type Values Removed Values Added
References () https://gist.github.com/ChrisPritchard/4b6d5c70d9329ef116266a6c238dcb2d - () https://gist.github.com/ChrisPritchard/4b6d5c70d9329ef116266a6c238dcb2d -
References () https://github.com/Silverpeas/Silverpeas-Core/tags - () https://github.com/Silverpeas/Silverpeas-Core/tags -
References () https://silverpeas.org/ - () https://silverpeas.org/ -

03 Jul 2024, 02:02

Type Values Removed Values Added
CWE CWE-288
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

03 Jun 2024, 14:46

Type Values Removed Values Added
Summary
  • (es) Silverpeas anterior a 6.3.5 permite omitir la autenticación omitiendo el campo Contraseña en AuthenticationServlet, lo que a menudo proporciona a un usuario no autenticado acceso de superadministrador.

03 Jun 2024, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-03 06:15

Updated : 2024-11-21 09:21


NVD link : CVE-2024-36042

Mitre link : CVE-2024-36042

CVE.ORG link : CVE-2024-36042


JSON object : View

Products Affected

No product.

CWE
CWE-288

Authentication Bypass Using an Alternate Path or Channel