CVE-2017-8879Improper Authentication in ERP CRM

CWE-287Improper Authentication5 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.0%
top 85.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dolibarr ERP CRM
Timeline
PublishedMay 10
Latest updateMay 13

Description

Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages1 packages

🔴Vulnerability Details

4
GHSA
Dolibarr allows password changes without supplying the current password2022-05-13
OSV
Dolibarr allows password changes without supplying the current password2022-05-13
CVEList
CVE-2017-8879: Dolibarr ERP/CRM 42017-05-10
OSV
CVE-2017-8879: Dolibarr ERP/CRM 42017-05-10
CVE-2017-8879 — Improper Authentication in ERP CRM | cvebase