CVE-2021-44839

MEDIUM Year: 2021
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.0
Medium
Weakness Type
CWE-640
View all →

Vulnerability Description

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/adm_utilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset (and new ones sent to their respective e-mail addresses).

Related Vulnerabilities

CVE-2016-5997

MEDIUM
CVSS:6.5(Medium)

The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223...

CWE-6402016

CVE-2017-1000141

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, ...

CWE-6402017

CVE-2018-12315

MEDIUM
CVSS:6.5(Medium)

Missing verification of a password in ASUSTOR ADM version 3.1.1 allows attackers to change account passwords without entering the current password.

CWE-6402018

CVE-2019-15749

MEDIUM
CVSS:6.5(Medium)

SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access ...

CWE-6402019

CVE-2023-5840

MEDIUM
CVSS:6.5(Medium)

Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg/linkstack prior to v4.2.9.

CWE-6402023

CVE-2024-36407

MEDIUM
CVSS:6.5(Medium)

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attack...

CWE-6402024