CVE Catalog
CVE-2024-42850
CriticalCVSS 9.8Exploitation Probability (EPSS)
Elevated risk1.45%
70th percentile - higher than 70% of all known CVEs
Summary
In Silverpeas version 6.4.2 and lower, the password change function does not enforce password complexity requirements, allowing weak passwords to be set.
Risk Assessment
An attacker can set an easily guessable password for a user account, increasing the risk of unauthorized access to the system.
Recommendation
Immediately upgrade Silverpeas to a version newer than 6.4.2 that includes a fix enforcing password complexity.
Original NVD description (English source)
An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

