Unknown · Silverpeas · CVE-2024-36042
**Name of the Vulnerable Software and Affected Versions**
Silverpeas versions prior to 6.3.5
**Description**
The issue allows authentication bypass when the `Password` field is omitted from a request to `AuthenticationServlet`, potentially giving an unauthenticated user superadmin access. This has been exploited in real-world incidents to gain access and escalate privileges.
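A defender-side check for the request shape described above, as an added example that is not Silverpeas code: it scans captured request records for calls to `AuthenticationServlet` that carry no `Password` parameter. The JSON-lines record format with `src`, `url` and `body` keys, the `/example/` path prefix and the `OtherField` parameter are assumptions constructed for illustration.

```python
import json
from urllib.parse import parse_qs, urlsplit

SERVLET = "AuthenticationServlet"  # servlet name given in the advisory
FIELD = "Password"                 # field name given in the advisory

def lacks_password(record):
    """True if a request to the servlet carries no Password parameter."""
    url = urlsplit(record.get("url") or "")
    # Drop any ";jsessionid=..." path parameter and keep the last segment.
    last = url.path.split(";", 1)[0].rstrip("/").rsplit("/", 1)[-1]
    if last != SERVLET:
        return False
    # Servlet containers merge query-string and form-body parameters, so
    # the field counts as present if it appears in either place.
    params = {}
    for source in (url.query, record.get("body") or ""):
        params.update(parse_qs(source, keep_blank_values=True))
    # Names are matched case-sensitively; an empty value is still "present".
    return FIELD not in params

def scan(lines):
    """Return (line_number, source_address) for each suspicious record."""
    hits = []
    for number, line in enumerate(lines, 1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip records that are not valid JSON
        if isinstance(record, dict) and lacks_password(record):
            hits.append((number, record.get("src", "unknown")))
    return hits

# Constructed sample records (hypothetical log format, documentation IPs).
SAMPLE = [
    '{"src":"198.51.100.7","url":"/example/AuthenticationServlet","body":"OtherField=a&Password=s3cret"}',
    '{"src":"203.0.113.9","url":"/example/AuthenticationServlet","body":"OtherField=a"}',
    '{"src":"203.0.113.9","url":"/example/AuthenticationServlet?Password=x","body":"OtherField=a"}',
    '{"src":"198.51.100.7","url":"/example/AuthenticationServlet","body":"OtherField=a&Password="}',
    '{"src":"192.0.2.5","url":"/example/OtherServlet","body":"OtherField=a"}',
    '{"src":"192.0.2.6","url":"/example/AuthenticationServlet;jsessionid=abc","body":"password=x"}',
    'not a json record',
]

if __name__ == "__main__":
    for number, src in scan(SAMPLE):
        print(f"line {number}: request from {src} to {SERVLET} without {FIELD}")
```

The check only works where the proxy or WAF in front of the application records request bodies; plain access logs usually do not.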
**Recommendations**
For versions prior to 6.3.5, update to version 6.3.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `AuthenticationServlet` to minimize the risk of exploitation.