PT-2023-21531 · Unknown · Pandora Fms

Edisc From

Publicado

2023-06-13

Atualizado

2023-06-23

CVE-2023-2807

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Pandora FMS versions prior to 7.71

Description The issue is related to an Authentication Bypass by Spoofing vulnerability in the password reset process. This allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication.

Recommendations For versions prior to 7.71, update to a version that includes the fix for this issue to prevent exploitation.

Correção

Authentication Bypass by Spoofing

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-290

Identificadores relacionados

CVE-2023-2807

Produtos afetados

Pandora Fms

PT-2023-21531 · Unknown · Pandora Fms

CVE-2023-2807

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4