Description
When setting a new password for a user, the product does not require knowledge of the original password, or using another form of authentication.
Extended Description
This could be used by an attacker to change passwords for another user, thus gaining the privileges associated with that user.
CVE vulnerabilities with CWE-620 (85)
10.0
CVSS
CRITICAL
CVE-2024-20419
pub. 2024-07-17
9.9
CVSS
CRITICAL
CVE-2025-1107
pub. 2025-02-07
9.9
CVSS
CRITICAL
CVE-2024-33699
pub. 2024-10-30
9.8
CVSS
CRITICAL
CVE-2025-67041
pub. 2026-03-11
9.8
CVSS
CRITICAL
CVE-2025-70082
pub. 2026-03-11
9.8
CVSS
CRITICAL
CVE-2025-63362
pub. 2025-12-04
9.8
CVSS
CRITICAL
CVE-2025-9286
pub. 2025-10-03
9.8
CVSS
CRITICAL
CVE-2025-10159
pub. 2025-09-09
9.8
CVSS
CRITICAL
CVE-2025-4606
pub. 2025-07-09
9.8
CVSS
CRITICAL
CVE-2024-12827
pub. 2025-06-27
9.8
CVSS
CRITICAL
CVE-2025-4322
pub. 2025-05-20
9.8
CVSS
CRITICAL
CVE-2025-2253
pub. 2025-05-09
9.8
CVSS
CRITICAL
CVE-2025-3603
pub. 2025-04-24
9.8
CVSS
CRITICAL
CVE-2024-48887
pub. 2025-04-08
9.8
CVSS
CRITICAL
CVE-2024-12824
pub. 2025-03-01
9.8
CVSS
CRITICAL
CVE-2024-12860
pub. 2025-02-18
9.8
CVSS
CRITICAL
CVE-2024-13375
pub. 2025-01-18
9.8
CVSS
CRITICAL
CVE-2024-26520
pub. 2024-07-26
9.8
CVSS
CRITICAL
CVE-2023-2449
pub. 2023-11-22
9.8
CVSS
CRITICAL
CVE-2023-3069
pub. 2023-06-02
Showing 20 of 85 vulnerabilities