CVE-2017-17708

MEDIUM

Pleasant Password Server < 7.8.3 - Authenticated Incorrect Authorization

Title source: llm
STIX 2.1

Description

Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.profundis-labs.com/advisories/CVE-2017-17708.txt

Scores

CVSS v3 4.3
EPSS 0.0058
EPSS Percentile 43.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-863
Status published
Products (1)
pleasantsolutions/pleasant_password_server < 7.8.3
Published Jul 31, 2018
Tracked Since Feb 18, 2026