Brute Force

Affecting ezsystems/ezplatform-admin-ui package, versions >=1.4.0, <1.4.6

Overview

ezsystems/ezplatform-admin-ui is a package that is part of the eZ Platform Admin UI Bundle.

Affected versions of this package are vulnerable to Brute Force: the functionality for resetting a forgotten password can be brute-forced. Depending on configuration and other circumstances, an attacker may exploit this to gain control over user accounts.

Remediation

Upgrade ezsystems/ezplatform-admin-ui to version 1.4.6 or higher.
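
To confirm whether a project still pins an affected release, the locked version in composer.lock can be compared against the range above. The following is an added example, not code from Snyk or the eZ Platform project; the function names and the sample lock data are constructed for illustration, and only plain release tags are classified automatically.

```python
import json
import re

PACKAGE = "ezsystems/ezplatform-admin-ui"
AFFECTED_MIN = (1, 4, 0)  # inclusive lower bound, from the advisory
FIXED = (1, 4, 6)         # first fixed release, from the advisory

# Constructed sample: a trimmed composer.lock with only the fields used here.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/symfony", "version": "v3.4.37"},
        {"name": "ezsystems/ezplatform-admin-ui", "version": "v1.4.5"},
    ],
    "packages-dev": [],
})


def parse_version(raw):
    """Return (major, minor, patch) for plain tags such as 'v1.4.5', else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    # Branch aliases ('dev-master', '1.4.x-dev') and pre-releases ('1.4.6-rc1')
    # are not classified automatically.
    return tuple(int(g) for g in m.groups()) if m else None


def check_lock(lock_text):
    """Return [(locked_version, status)] for every locked copy of PACKAGE."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            raw = pkg.get("version", "")
            ver = parse_version(raw)
            if ver is None:
                status = "unknown"  # review by hand
            elif AFFECTED_MIN <= ver < FIXED:
                status = "affected"
            else:
                status = "not affected"
            findings.append((raw, status))
    return findings


if __name__ == "__main__":
    for version, status in check_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {version}: {status}")
```

A status of "unknown" means the locked version is a branch alias or pre-release and needs manual review against the affected range.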

CVSS Score

5.9 (medium severity)

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

  • Credit: Unknown
  • CWE: CWE-307
  • Snyk ID: SNYK-PHP-EZSYSTEMSEZPLATFORMADMINUI-546871
  • Disclosed: 06 Feb, 2020
  • Published: 06 Feb, 2020