Описание
Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "corrected in all maintained versions. Password reset requests are validated against registered user emails and require a valid, short-lived token."
Ссылки
- Third Party Advisory
- ProductVendor Advisory
- Third Party Advisory
- ProductVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:forlogic:qualiex:1.0:*:*:*:*:*:*:*
cpe:2.3:a:forlogic:qualiex:3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 74%
0.00828
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request.
EPSS
Процентиль: 74%
0.00828
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-287