ByteOS Network

NVD Vulnerability Details :

CVE-2020-15181

Analyzed

Source-security-advisories@github.com

Published At-18 Sep, 2020 | 18:15

Updated At-18 Nov, 2021 | 17:51

The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	9.3	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

alfresco>>reset_password>>Versions before 1.2.0(exclusive)

cpe:2.3:a:alfresco:reset_password:*:*:*:*:*:alfresco:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov
CWE-20	Secondary	security-advisories@github.com
CWE-284	Secondary	security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/FlexSolution/AlfrescoResetPassword/commit/5927b9651356c4cd952cb9b485292583d305b47c	security-advisories@github.com	Patch Third Party Advisory
https://github.com/FlexSolution/AlfrescoResetPassword/security/advisories/GHSA-xrc8-fjp4-h4fv	security-advisories@github.com	Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History