Описание
A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
EPSS
Процентиль: 5%
0.00025
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-640
Связанные уязвимости
CVSS3: 4.3
github
около 2 месяцев назад
A vulnerability classified as problematic was found in jshERP up to 3.5. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/user/updatePwd. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
EPSS
Процентиль: 5%
0.00025
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-640