Vulnerabilities > CVE-2021-28399 - Unspecified vulnerability in Orangehrm 4.7

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
orangehrm
NVD
Published: 2021-04-26
Updated: 2021-05-05

Summary

OrangeHRM 4.7 allows an unauthenticated user to enumerate the valid username and email address via the forgot password function.

Vulnerable Configurations

Part Description Count
Application
Orangehrm
1

References