CVE-2024-42850 – org.silverpeas.core:silverpeas-core

Package

Manager: maven
Name: org.silverpeas.core:silverpeas-core
Vulnerable Version: >=0 <=6.4.2

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

EPSS: 0.19551 pctl0.95188

Details

Silverpeas vulnerable to password complexity rule bypass An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

Metadata

Created: 2024-08-16T21:32:36Z
Modified: 2024-08-19T16:01:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/08/GHSA-h6jq-w432-j26w/GHSA-h6jq-w432-j26w.json
CWE IDs: ["CWE-521"]
Alternative ID: GHSA-h6jq-w432-j26w
Finding: F035
Auto approve: 1