J0Ey17

**Name of the Vulnerable Software and Affected Versions** Silverpeas versions 6.4.1 through 6.4.2 **Description** A user enumeration issue exists in the `/CredentialsServlet/ForgotPassword` endpoint. This allows remote attackers to determine valid usernames via the `Login` parameter. **Recommendations** Silverpeas version 6.4.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Silverpeas version 6.4.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.