PT-2018-9536 · Artica · Artica Integria Ims
Carl
·
Published
2018-12-20
·
Updated
2019-08-16
·
CVE-2018-1000812
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Artica Integria IMS versions prior to the version released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047
Description
The issue is related to a weak password recovery mechanism in the password recovery process. This can result in IntegriaIMS web app user accounts being taken over. The attack appears to be exploitable via network access to the IntegriaIMS web interface. The vulnerable code is located in line 45 of general/password recovery.php.
Recommendations
For Artica Integria IMS versions prior to the version released after commit f2ff0ba821644acecb893483c86a9c4d3bb75047, update to a version released after the specified commit to resolve the issue. As a temporary workaround, consider restricting access to the password recovery process until the update is applied.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Artica Integria Ims