CWE-620

Unverified Password Change

Parent: CWE-1390 - Weak Authentication

When setting a new password for a user, the product does not require knowledge of the original password or the use of another form of authentication. In practice this means a password-change request is honoured on the authority of whatever already reaches the endpoint (a session cookie, an API key, a predictable or reusable reset token, or an attacker-forged cross-site request), so anyone who can get such a request to the server can lock the legitimate user out and take over the account.
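
The following is an added example, not code from CWE or from any of the products listed below. It contrasts a password-change handler that exhibits the weakness with a hardened one that re-authenticates with the current password, and shows a forgot-password path in which the "other form of authentication" is a random, single-use, expiring reset token stored only as a hash. The user store, the `User` dataclass and the PBKDF2 iteration count are illustrative assumptions.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Optional

# Constructed in-memory user record; a real service would back this with a database.
@dataclass
class User:
    username: str
    pw_hash: bytes
    salt: bytes
    reset_token_hash: Optional[bytes] = None  # only the hash of the token is kept
    reset_expires: float = 0.0                # unix time after which the token is dead


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is an illustrative assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_user(username: str, password: str) -> User:
    salt = secrets.token_bytes(16)
    return User(username, hash_password(password, salt), salt)


def verify_password(user: User, password: str) -> bool:
    # Constant-time comparison of the stored and freshly computed hashes.
    return hmac.compare_digest(user.pw_hash, hash_password(password, user.salt))


# --- Weak form (CWE-620): the new password is accepted on the authority of the
# request alone. A stolen session cookie or API key, or a CSRF'd form post, is enough.
def change_password_unverified(user: User, new_password: str) -> None:
    user.salt = secrets.token_bytes(16)
    user.pw_hash = hash_password(new_password, user.salt)


# --- Hardened form: require knowledge of the current password before changing it.
def change_password(user: User, current_password: str, new_password: str) -> bool:
    if not verify_password(user, current_password):
        return False
    user.salt = secrets.token_bytes(16)
    user.pw_hash = hash_password(new_password, user.salt)
    # A successful change also voids any outstanding reset token.
    user.reset_token_hash = None
    user.reset_expires = 0.0
    return True


# --- Forgot-password path: a random, single-use, time-limited token is the
# alternative authentication factor. Storing only its hash means a database read
# (e.g. an information-disclosure bug) does not hand an attacker a usable token.
RESET_TTL_SECONDS = 15 * 60


def begin_reset(user: User, now: Optional[float] = None) -> str:
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    user.reset_token_hash = hashlib.sha256(token.encode()).digest()
    user.reset_expires = now + RESET_TTL_SECONDS
    return token  # deliver out of band (e-mail); never echo it in an HTTP response


def complete_reset(user: User, token: str, new_password: str,
                   now: Optional[float] = None) -> bool:
    now = time.time() if now is None else now
    if user.reset_token_hash is None or now > user.reset_expires:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(user.reset_token_hash, presented):
        return False
    # Consume the token before setting the password so it can never be replayed.
    user.reset_token_hash = None
    user.reset_expires = 0.0
    user.salt = secrets.token_bytes(16)
    user.pw_hash = hash_password(new_password, user.salt)
    return True
```

The two checks that matter in review are the ones the weak form lacks: `change_password` refuses to proceed without the current password, and `complete_reset` clears the stored token hash before writing the new password, so a token cannot be reused even if the reset is interrupted. CSRF protection for the change-password form and rate limiting on both paths are still needed on top of this.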

82 vulnerabilities with CWE-620
CVE-2024-28143 HIGH
Image Access Scan2Net 7.40 - Cross-Site Request Forgery Password Reset
CVSS 8.4
CVE-2024-51493 MEDIUM
OctoPrint <= 1.10.2 - Unverified Password Change via Stolen API Key
CVSS 5.3
CVE-2024-33699 CRITICAL
LevelOne WBR-6012 - Privilege Escalation
CVSS 9.9
CVE-2024-8794 MEDIUM
BA Book Everything <1.6.20 - Info Disclosure
CVSS 5.3
CVE-2024-21757 MEDIUM
Fortinet FortiManager/FortiAnalyzer <7.4.1 - Info Disclosure
CVSS 6.1
CVE-2024-26520 CRITICAL
Restaurant Digital Comprehensive Management <v1 - Auth Bypass
CVSS 9.8
CVE-2024-37998 CRITICAL
CPCI85 Central Processing/Communication < V5.40 - Privilege Escalation
CVSS 9.8
CVE-2024-20419 CRITICAL
Cisco Smart Software Manager (SSM) On-Prem - Account Takeover
CVSS 10.0
CVE-2024-27715 HIGH
Eskooly Free Online School <3.0 - Privilege Escalation
CVSS 8.2
CVE-2024-2213 LOW
zenml-io/zenml <0.55.4 - Auth Bypass
CVSS 3.3
CVE-2024-34077 HIGH
MantisBT < 2.26.2 - Unauthenticated Account Takeover via Password Reset Token Reuse
CVSS 7.3
CVE-2024-23637 MEDIUM
OctoPrint <= 1.9.3 - Unverified Password Change
CVSS 4.2
CVE-2023-4465 LOW
Poly Trio and CCX Devices - Unverified Password Change via Configuration File Import
CVSS 2.7
CVE-2023-2449 CRITICAL
UserPro < 5.1.1 - Unauthenticated Password Reset via Plaintext Reset Key
CVSS 9.8
CVE-2023-4214 HIGH
AppPresser <4.2.5 - Info Disclosure
CVSS 8.1
CVE-2023-5844 HIGH
pimcore admin_classic_bundle < 1.1.4 and admin-ui-classic-bundle < 1.2.0-RC1 - Unverified Password Change
CVSS 7.2
CVE-2023-4915 MEDIUM
WP User Control <1.5.3 - Info Disclosure
CVSS 5.3
CVE-2023-4381 MEDIUM
instantsoft/icms2 <2.16.1 - Info Disclosure
CVSS 4.3
CVE-2023-3069 CRITICAL
tsolucio/corebos <8 - Info Disclosure
CVSS 9.8
CVE-2023-2297 CRITICAL
Profile Builder < 3.9.0 - Unauthenticated Password Reset via Plaintext Reset Key
CVSS 9.8
CVE-2023-25931 MEDIUM
Medtronic InterStim X and Micro Clinician - Unverified Password Change
CVSS 6.4
CVE-2022-3152 HIGH
phpfusion < 9.10.20 - Unverified Password Change
CVSS 8.8
CVE-2022-2930 HIGH
octoprint/octoprint <1.8.3 - Info Disclosure
CVSS 7.8
CVE-2022-21935 HIGH
Metasys ADS/ADX/OAS <10.1.5, <11.0.2 - Privilege Escalation
CVSS 7.5
CVE-2022-21934 HIGH
Metasys ADS/ADX/OAS <10.1.5, <11.0.2 - Privilege Escalation
CVSS 8.0