Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2019-0014
Good to know:
Date: January 22, 2019
TYPO3 in versions 8.0.0-8.7.22 and 9.0.0-9.5.3 When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Insufficiently Protected Credentials
CWE-522Top Fix
Upgrade Version
Upgrade to version typo3/cms - TYPO3_8-7-3;typo3/cms - dev-TYPO3_8-7;typo3/cms - 7.6.31;typo3/cms - 7.6.24;typo3/cms - 7.6.19;typo3/cms - 7.6.13;typo3/cms - 7.6.25;typo3/cms - 8.7.5;typo3/cms - TYPO3_7-6-20;typo3/cms - 7.6.29;typo3/cms - 8.7.4;typo3/cms - 7.6.30;typo3/cms - v9.4.0;typo3/cms - 8.7.9;typo3/cms - 8.7.12;typo3/cms - 8.7.8;typo3/cms - 8.4.0;typo3/cms - 7.6.28;typo3/cms - 8.5.0;typo3/cms - 8.7.2;typo3/cms - 7.6.16;typo3/cms - 7.6.32;typo3/cms - 8.7.11;typo3/cms - 8.7.13;typo3/cms - 7.6.27;typo3/cms - 7.6.21;typo3/cms - v9.5.2;typo3/cms - 8.0.0;typo3/cms - 8.3.0;typo3/cms - 7.6.26;typo3/cms - 8.6.1;typo3/cms - 8.7.10;typo3/cms - 8.7.14;typo3/cms - 7.6.22;typo3/cms - 8.7.15;typo3/cms - 8.7.7;typo3/cms - 8.7.6;typo3/cms - v9.5.4;typo3/cms - 8.7.19;typo3/cms - 7.6.11;typo3/cms - 8.7.16;typo3/cms - 7.6.23;typo3/cms - 8.7.18;typo3/cms - 8.7.17;instituteweb/typo3-cms - 6.2.19;instituteweb/typo3-cms - no_fix;typo3/cms-core - v9.4.0;typo3/cms-core - v8.7.19
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | NONE |
| Availability (A): | NONE |