How severe is CVE-2021-25961?

CVE-2021-25961 has a CVSS v3 score of 8 (HIGH).

CVE-2021-25961

Name: suitecrm
Author: salesagility

8.0HIGH

In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible f

公開日: 9/29/2021更新日: 11/21/2024

説明

In “SuiteCRM” application, v7.1.7 through v7.10.31 and v7.11-beta through v7.11.20 fail to properly invalidate password reset links that is associated with a deleted user id, which makes it possible for account takeover of any newly created user with the same user id.

AI分析AIによる分析

影響を受ける製品

salesagilitysuitecrm

参照

https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513
PatchThird Party Advisory
https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648
PatchThird Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961
Third Party Advisory
https://github.com/salesagility/SuiteCRM/commit/7124482fe07ee164923d974456ed31e45f65e513
PatchThird Party Advisory
https://github.com/salesagility/SuiteCRM/commit/f463031bee59676d7d5be53bb32d551cd70a5648
PatchThird Party Advisory
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25961
Third Party Advisory