PT-2023-25172 · Knowage · Knowage

Davide-Zerbetto +1 · Published 2023-06-23 · Updated 2023-07-03 · CVE-2023-35154

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Knowage versions 6.0.0 through 8.1.7

Description

The issue allows an attacker to register and activate their account without having to click on the link included in the email, giving them access to the application as a normal user.

Recommendations

For versions 6.0.0 through 8.1.7, update to version 8.1.8 to resolve the issue.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-35154
GHSA-48HP-JVV8-CF62

Affected Products

Knowage