Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OPEXUS eComplaint and eCase insecure password reset
Vulnerability Description
OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing security questions are not asked during the process.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
信息暴露
Vulnerability Title
OPEXUS eComplaint和OPEXUS eCASE 安全漏洞
Vulnerability Description
OPEXUS eComplaint和OPEXUS eCASE都是美国OPEXUS公司的产品。OPEXUS eComplaint是一个投诉与申诉管理平台。OPEXUS eCASE是一个案件管理系统。 OPEXUS eComplaint和OPEXUS eCASE 10.1.0.0之前版本存在安全漏洞,该漏洞源于密码重置响应中包含验证码,可能导致攻击者重置用户密码和安全问题。
CVSS Information
N/A
Vulnerability Type
N/A