Описание
Silverpeas Core Username Enumeration Vulnerability
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.
Пакеты
Наименование
org.silverpeas.core:silverpeas-core
maven
Затронутые версииВерсия исправления
>= 6.4.1, < 6.4.3
6.4.3
Связанные уязвимости
CVSS3: 6.5
nvd
5 месяцев назад
A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.