Cryptographic Vulnerability in dotCMS Core Versions by dotCMS
CVE-2022-45782

8.8 HIGH

Key Information:

Vendor: Dotcms

CVE Published: 1 February 2023

What is CVE-2022-45782?

A security issue has been identified in dotCMS core versions 5.3.8.5 through 5.3.8.15, as well as 21.03 through 22.10.1, due to the use of a cryptographically insecure algorithm for password-reset token generation. This flaw exposes systems to the risk of account takeover, making it critical for users to apply security patches and updates promptly to mitigate potential exploitation.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
