Access Control Vulnerability in Dolibarr ERP/CRM by Dolibarr
CVE-2021-37517

7.5HIGH

Key Information:

Vendor: Dolibarr
Status: Dolibarr Erp\/crm
Vendor: CVE Published:; 31 March 2022

What is CVE-2021-37517?

An access control vulnerability is present in Dolibarr ERP/CRM version 13.0.2, where the forgot-password functionality accommodates email addresses as usernames. This flaw may allow an attacker to launch a Denial of Service attack by exploiting the system's handling of requests, potentially disrupting legitimate user access and operational continuity. The issue has been resolved in version 14.0.0, which users should upgrade to in order to mitigate the risk.

References

https://github.com/Dolibarr/dolibarr/commit/b57eb8284e830...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2022
Vulnerability Reserved
Jul 26, 2021