Auth bypass in Rocketsoftware Trufusion_enterprise
CVE-2022-25027
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked.
EPSS: 0.011 (60.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Rocketsoftware Trufusion_enterprise
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Patch, Third Party Advisory)
Frequently asked questions
- What is CVE-2022-25027?
- CVE-2022-25027 is a high-severity vulnerability in Rocketsoftware Trufusion_enterprise, classified under Weak Password Recovery Mechanism for Forgotten Password. CVSS score: 7.5/10. Published 2023-01-12.
- How severe is CVE-2022-25027?
- High severity. CVSS v3 base score is 7.5 out of 10.