#VU39061 Improper Authentication in dolibarr - CVE-2017-8879

 


Published: May 10, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU39061
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2017-8879
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: dolibarr
Software vendor: Dolibarr ERP & CRM

Description

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.


Remediation

Install the update from the vendor's website.

External links