PT-2020-14252 · Alfresco · Alfresco Reset Password Add-On

Published

2020-09-18

Updated

2021-11-18

CVE-2020-15181

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Alfresco Reset Password add-on versions prior to 1.2.0

Description The issue allows intruders to gain admin access to the system by relying on untrusted inputs in a security decision, impacting all servers with the Alfresco Reset Password add-on installed.

Recommendations For versions prior to 1.2.0, update to version 1.2.0 to resolve the issue.

Fix

Improper Access Control

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-20

Related Identifiers

CVE-2020-15181

GHSA-XRC8-FJP4-H4FV

Affected Products

Alfresco Reset Password Add-On

PT-2020-14252 · Alfresco · Alfresco Reset Password Add-On

CVE-2020-15181

Weakness Enumeration

Related Identifiers

Affected Products

References · 4