CWE-620

Unverified Password Change

Parent: CWE-1390 - Weak Authentication

When setting a new password for a user, the product does not require knowledge of the original password or the use of another form of authentication.

78 vulnerabilities with CWE-620
CVE-2024-21757 MEDIUM
Fortinet FortiManager/FortiAnalyzer <7.4.1 - Info Disclosure
CVSS 6.1
CVE-2024-26520 CRITICAL
Restaurant Digital Comprehensive Management <v1 - Auth Bypass
CVSS 9.8
CVE-2024-37998 CRITICAL
CPCI85 Central Processing/Communication < V5.40 - Privilege Escalation
CVSS 9.8
CVE-2024-20419 CRITICAL
Cisco Smart Software Manager (SSM) On-Prem Account Takeover (CVE-2024-20419)
CVSS 10.0
CVE-2024-27715 HIGH
Eskooly Free Online School <3.0 - Privilege Escalation
CVSS 8.2
CVE-2024-2213 LOW
zenml-io/zenml <0.55.4 - Auth Bypass
CVSS 3.3
CVE-2024-34077 HIGH
MantisBT - Privilege Escalation
CVSS 7.3
CVE-2024-23637 MEDIUM
Octoprint < 1.9.3 - Authentication Bypass
CVSS 4.2
CVE-2023-4465 LOW
Poly Trio and CCX Devices - Unverified Password Change via Configuration File Import
CVSS 2.7
CVE-2023-2449 CRITICAL
Userpro < 5.1.1 - SQL Injection
CVSS 9.8
CVE-2023-4214 HIGH
AppPresser <4.2.5 - Info Disclosure
CVSS 8.1
CVE-2023-5844 HIGH
Pimcore Admin Classic Bundle < 1.1.4 - Authentication Bypass
CVSS 7.2
CVE-2023-4915 MEDIUM
WP User Control <1.5.3 - Info Disclosure
CVSS 5.3
CVE-2023-4381 MEDIUM
instantsoft/icms2 <2.16.1 - Info Disclosure
CVSS 4.3
CVE-2023-3069 CRITICAL
tsolucio/corebos <8 - Info Disclosure
CVSS 9.8
CVE-2023-2297 CRITICAL
Cozmoslabs Profile Builder < 3.9.0 - Authentication Bypass
CVSS 9.8
CVE-2023-25931 MEDIUM
Medtronic Interstim X Clinician - Authentication Bypass
CVSS 6.4
CVE-2022-3152 HIGH
Php-fusion Phpfusion < 9.10.20 - Authentication Bypass
CVSS 8.8
CVE-2022-2930 HIGH
octoprint/octoprint <1.8.3 - Info Disclosure
CVSS 7.8
CVE-2022-21935 HIGH
Metasys ADS/ADX/OAS <10.1.5, <11.0.2 - Privilege Escalation
CVSS 7.5
CVE-2022-21934 HIGH
Metasys ADS/ADX/OAS <10.1.5, <11.0.2 - Privilege Escalation
CVSS 8.0
CVE-2021-34786 MEDIUM
Cisco Broadworks Commpilot Applicatio... - Authentication Bypass
CVSS 6.5
CVE-2021-34785 MEDIUM
Cisco Broadworks Commpilot Applicatio... - Authentication Bypass
CVSS 6.5
CVE-2021-22773 MEDIUM
EVlink City/EVlink Parking/EVlink Smart Wallbox <R8 V3.4.0.1 - Unve...
CVSS 6.5
CVE-2020-7378 CRITICAL
Opencrx < 4.3.0 - Authentication Bypass
CVSS 9.1