PT-2025-44596 · Unknown · Therefore Online+2
Published
2025-10-31
·
Updated
2025-10-31
·
CVE-2025-11843
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Therefore Online (affected versions not specified)
Therefore On-Premises (affected versions not specified)
Description
A malicious user may be able to impersonate the web service account or the account of a service using the API when connecting to the Therefore Server. Successful impersonation at the application level could allow access to documents stored within Therefore. This is not an operating system level impersonation.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Therefore On-Premises
Therefore Online
Therefore Server