Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.silverpeas.core:silverpeas-core(Maven) | 0 | 6.3.5 | N/A |
CVSS Metrics
