Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-36042

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.

Published

2024-06-03T06:15:09.293

Last Modified

2025-05-29T20:21:54.353

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-288

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	silverpeas	silverpeas	< 6.3.5	Yes

References

https://gist.github.com/ChrisPritchard/4b6d5c70d9329ef116266a6c238dcb2d Exploit ([email protected])
https://github.com/Silverpeas/Silverpeas-Core/tags Product ([email protected])
https://silverpeas.org/ Product ([email protected])
https://gist.github.com/ChrisPritchard/4b6d5c70d9329ef116266a6c238dcb2d Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Silverpeas/Silverpeas-Core/tags Product (af854a3a-2127-422b-91ae-364da2661108)
https://silverpeas.org/ Product (af854a3a-2127-422b-91ae-364da2661108)