CVE-2017-8879
Published 2017-05-10
Priority: P4 · 26 · medium · 6.8 (CVSS 3.0)
AV:P / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.44% (35.1th percentile)
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr_erp_crm | — | — |
CVSS provenance
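| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.8 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |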
GHSA
Dolibarr allows password changes without supplying the current password
ghsa·2022-05-13
CVE-2017-8879 [MEDIUM] CWE-287 Dolibarr allows password changes without supplying the current password
OSV
Dolibarr allows password changes without supplying the current password
osv·2022-05-13
CVE-2017-8879 [MEDIUM] Dolibarr allows password changes without supplying the current password
OSV
CVE-2017-8879: Dolibarr ERP/CRM 4
osv·2017-05-10·CVSS 6.8
CVE-2017-8879 [MEDIUM] CVE-2017-8879: Dolibarr ERP/CRM 4
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.