Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-25961
HistorySep 29, 2021 - 2:15 p.m.

CVE-2021-25961

2021-09-2914:15:08
Google
osv.dev
2
suitecrm
password reset
security vulnerability
account takeover

AI Score

7

Confidence

High

EPSS

0.002

Percentile

55.9%

JSON

In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.

Related

cve 1
prion 1
osv 1
nvd 1
cvelist 1
cve
cve
CVE-2021-25961
2021-09-29 14:15:08
prion
prion
Design/Logic Flaw
2021-09-29 14:15:00
osv
osv
BIT-suitecrm-2021-25961
2024-03-06 11:10:16
nvd
nvd
CVE-2021-25961
2021-09-29 14:15:08
cvelist
cvelist
CVE-2021-25961 SuiteCRM - Account Takeover in Password Reset Functionality
2021-09-29 13:50:10

AI Score

7

Confidence

High

EPSS

0.002

Percentile

55.9%

JSON
Related for OSV:CVE-2021-25961
cve1prion1osv1nvd1cvelist1