CVE-2020-27408

High

OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated…

mitre·CWE-287·Published 2020-12-04

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

191 chars

OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.

NVDen

191 chars

OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users.

OpenSIS Community Edition versiones hasta 7.6 está afectado por controles de acceso incorrectos para el archivo ResetUserInfo.php que permiten a un atacante no autenticado cambiar la contraseña de usuarios arbitrarios

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N