Описание
A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Ссылки
- ExploitIssue Tracking
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- ExploitIssue Tracking
Уязвимые конфигурации
Конфигурация 1Версия до 3.5 (включая)
cpe:2.3:a:jishenghua:jsherp:*:*:*:*:*:*:*:*
EPSS
Процентиль: 11%
0.00037
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-640
Связанные уязвимости
CVSS3: 4.3
github
7 месяцев назад
A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
EPSS
Процентиль: 11%
0.00037
Низкий
4.3 Medium
CVSS3
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-640