CVE-2022-2927

Name of the Vulnerable Software and Affected Versions notrinoserp versions prior to 0.7

Description The issue is related to weak password requirements in the notrinoserp web system management. This weakness can be exploited by a remote attacker to elevate their privileges. The problem arises from missing password strength checks for new account passwords.

Recommendations For versions prior to 0.7, update to version 0.7 or later to resolve the issue. As a temporary workaround, consider implementing a password strength check for new account passwords until a patch is available. Restrict access to password management features to minimize the risk of exploitation.