← Back

Reset Password

reset_password

Vendor: Alfresco • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-15181
1Alfresco
1Reset Password
Nov 21, 2024
Sep 18, 2020
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where...Show more
The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0Show less
CVE-2020-25728
1Alfresco
1Reset Password
Nov 21, 2024
Sep 17, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account.