CVE-2017-8879

Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.

Published : 2017-05-10 14:29 Updated : 2019-10-03 00:03

4.6
CVSS Score More info
Score 4.6 / 10
4.6
Vendor Product Version URI
Dolibarr Dolibarr 4.0.4 cpe:/a:dolibarr:dolibarr:4.0.4
  1. Dolibarr (1) Search CVE
    1. Dolibarr (1) Search CVE
      1. 4.0.4

CWE

ID Name Description Links
CWE-287 Improper Authentication When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. CVE

History of changes

Date Event
2019-10-03 00:03
2017-05-10 14:29

New CVE