Vulnerabilities > CVE-2021-37517 - Incorrect Authorization vulnerability in Dolibarr Erp/Crm 13.0.2

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
dolibarr
CWE-863
NVD
Published: 2022-03-31
Updated: 2022-04-11

Summary

An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service.

Vulnerable Configurations

Part Description Count
Application
Dolibarr
1

Common Weakness Enumeration (CWE)

References