CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-25027

The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.3%

CVSS Severity

CVSS v3 Score 7.5

References

https://labs.nettitude.com/blog/cve-2022-25026-cve-2022-25027-vulnerabilities-in-rocket-trufusion-enterprise/
https://labs.nettitude.com/blog/cve-2022-25026-cve-2022-25027-vulnerabilities-in-rocket-trufusion-enterprise/

Products affected by CVE-2022-25027

Rocketsoftware » Trufusion Enterprise » Version: N/A

cpe:2.3:a:rocketsoftware:trufusion_enterprise:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25027

Products

Pricing

Contact Us