Observable Response Discrepancy in Pimcore - CVE-2021-39189
Published: September 15, 2021 / Updated: June 12, 2026
Pimcore
Detailed vulnerability description
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to observable response discrepancy in forgot password functionality when handling password reset requests. A remote attacker can submit password reset requests for different usernames to disclose sensitive information.