The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin’s access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The problem is fixed in version 1.2.0
CPE | Name | Operator | Version |
---|---|---|---|
alfrescoresetpassword | eq | 1.1.0.RC2 | |
alfrescoresetpassword | eq | 1.1.0 | |
alfrescoresetpassword | eq | 1.2.0.RC1 | |
alfrescoresetpassword | eq | 1.1.0.RC3 |