Vulnerabilities > CVE-2021-37517 - Incorrect Authorization vulnerability in Dolibarr Erp/Crm 13.0.2

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
dolibarr
CWE-863

Summary

An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause a Denial of Service.

Vulnerable Configurations

Part Description Count
Application
Dolibarr
1

Common Weakness Enumeration (CWE)