CVE-2021-45226

Name of the Vulnerable Software and Affected Versions COINS Construction Cloud version 11.12

Description An issue was discovered due to improper validation of user-controlled HTTP headers, allowing attackers to cause the system to send password-reset e-mails pointing to arbitrary websites.

Recommendations For COINS Construction Cloud version 11.12, consider temporarily restricting the password-reset functionality until a patch is available to prevent exploitation. Additionally, review and improve the validation of user-controlled HTTP headers to prevent similar issues in the future. At the moment, there is no information about a newer version that contains a fix for this vulnerability.