Seceon aiSIEM before 6.3.2 (build 585) is prone to an unauthenticated account takeover vulnerability in the Forgot Password feature. The lack of correct configuration leads to recovery of the password reset link generated via the password reset functionality, and thus an unauthenticated attacker can set an arbitrary password for any user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-08T18:00:47
Updated: 2024-08-03T21:40:14.115Z
Reserved: 2021-03-12T00:00:00
Link: CVE-2021-28293
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-06-08T18:15:08.277
Modified: 2024-11-21T05:59:25.930
Link: CVE-2021-28293
Redhat
No data.