CVE Catalog

CVE-2024-42850

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.45%

70th percentile - higher than 70% of all known CVEs

Summary

In Silverpeas version 6.4.2 and lower, the password change function does not enforce password complexity requirements, allowing weak passwords to be set.

Risk Assessment

An attacker can set an easily guessable password for a user account, increasing the risk of unauthorized access to the system.

Recommendation

Immediately upgrade Silverpeas to a version newer than 6.4.2 that includes a fix enforcing password complexity.

Original NVD description (English source)

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS