Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
References
Configurations
No configuration.
History
21 Nov 2024, 09:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://gist.github.com/ChrisPritchard/4b6d5c70d9329ef116266a6c238dcb2d - | |
References | () https://github.com/Silverpeas/Silverpeas-Core/tags - | |
References | () https://silverpeas.org/ - |
03 Jul 2024, 02:02
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-288 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
03 Jun 2024, 14:46
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Jun 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-03 06:15
Updated : 2024-11-21 09:21
NVD link : CVE-2024-36042
Mitre link : CVE-2024-36042
CVE.ORG link : CVE-2024-36042
JSON object : View
Products Affected
No product.
CWE
CWE-288
Authentication Bypass Using an Alternate Path or Channel