CVE-2021-39189

Medium

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the…

GitHub_M·CWE-204·Published 2021-09-15

CVSS

5.3

EPSS

0.01

KEV

Exploits

cve.orgen

270 chars

Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually.

NVDen

270 chars

OSV.deven

293 chars

### Impact It is possible to enumerate usernames via the forgot password functionality ### Patches Update to version `10.1.3` or apply this patch manually: https://github.com/pimcore/pimcore/pull/10223.patch ### Workarounds Apply https://github.com/pimcore/pimcore/pull/10223.patch manually.

GHSAen

293 chars

NVDes

323 chars

Pimcore es una plataforma de administración de datos y experiencias de código abierto. En versiones anteriores a 10.1.3, es posible enumerar los nombres de usuario por medio de la funcionalidad forgot password. Este problema es corregido en versión 10.1.3. Como solución, puede ser aplicado el parche disponible manualmente

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	GHSA	5.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N