CRITICAL🇵🇱 Wersja polska

CVE-2024-42850

CVSS 9.8v3.1pub. 2024-08-16upd. 2026-07-05

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

🤖 AI Analysis
How it works

The vulnerability concerns the implementation of the password change mechanism (CWE-521: Weak Password Requirements). Password complexity verification can be bypassed, meaning that server-side controls are not properly enforced. As a result, it is possible to set a password that does not meet minimum security requirements — such as very short or trivial passwords — without any blocking from the application.

Impact

An attacker can set a weak or trivial password for an account, making it easier to compromise later using methods such as dictionary attacks or brute-force. As a result, unauthorized access to the system and associated data is possible.

Mitigation & patch

Apply patches available from the vendor according to the references. It is recommended to update to a version higher than 6.4.2. Until the patch is implemented, it is recommended to enforce a strong password policy at the organizational level and monitor password change attempts in application logs.

Who is affected

Silverpeas in version 6.4.2 and lower.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Silverpeas

    APP
    Silverpeas
    ≤ 6.4.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-36042CRITICAL9.8PL ✓ten sam produkt

Silverpeas – pominięcie hasła umożliwia dostęp jako superadmin (Auth Bypass)

CVE-2018-19586CRITICAL9.9ten sam produkt

Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be tr...

CVE-2024-48814HIGH7.5ten sam produkt

SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via t...

CVE-2023-47320HIGH8.1ten sam produkt

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to ex...

CVE-2023-47323HIGH7.5ten sam produkt

The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID paramete...