Описание
Silverpeas authentication bypass
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
Пакеты
Наименование
org.silverpeas.core:silverpeas-core
maven
Затронутые версииВерсия исправления
< 6.3.5
6.3.5
Связанные уязвимости
CVSS3: 9.8
nvd
больше 1 года назад
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.