PT-2023-25589 · Ilias · Ilias
Published 2023-06-29 · Updated 2024-11-26 · CVE-2023-36487
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
ILIAS versions 7.0 beta1 through 7.20
ILIAS versions 8.0 beta1 through 8.1
Description
The password reset function allows remote attackers to take over the account.
Recommendations
For ILIAS versions 7.0 beta1 through 7.20, consider disabling the password reset function until a patch is available.
For ILIAS versions 8.0 beta1 through 8.1, consider disabling the password reset function until a patch is available.
Affected Products
Ilias