CVE-2024-36042: Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated...

Description

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.

Classification

CVE ID: CVE-2024-36042

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 18.45% (share of scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-14 (date this score was calculated)

References

https://silverpeas.org/
https://github.com/Silverpeas/Silverpeas-Core/tags
https://gist.github.com/ChrisPritchard/4b6d5c70d9329ef116266a6c238dcb2d

Timeline