CVE-2024-36042

June 3, 2024, 2:46 p.m.

None
No Score

Description

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.

Product(s) Impacted

Product Versions
Silverpeas
  • ['before 6.3.5']

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://gist.github.com/ChrisPritchard/4b6d5c70d9329ef116266a6c238dcb2d
https://github.com/Silverpeas/Silverpeas-Core/tags
https://silverpeas.org/

Tags

cve@mitre.org
2024-06-03
CVE-2024-36042

Timeline

Published: June 3, 2024, 6:15 a.m.
Last Modified: June 3, 2024, 2:46 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.