Unknown · Silverpeas · CVE-2025-46047
**Name of the Vulnerable Software and Affected Versions**
Silverpeas versions 6.4.1 through 6.4.2
**Description**
A user enumeration issue exists in the `/CredentialsServlet/ForgotPassword` endpoint. This allows remote attackers to determine valid usernames via the `Login` parameter.
**Recommendations**
Silverpeas version 6.4.1: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Silverpeas version 6.4.2: At the moment, there is no information about a newer version that contains a fix for this vulnerability.