CVE-2022-25027
First published: Thu Jan 12 2023(Updated: )
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rocket Software TruFusion Enterprise | <7.9.5.1 | |
| <7.9.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-25027?
CVE-2022-25027 is classified as a high severity vulnerability due to its potential for unauthorized access.
How do I fix CVE-2022-25027?
To address CVE-2022-25027, update Rocket TRUfusion Portal to version 7.9.5.1 or later.
What is the impact of CVE-2022-25027?
CVE-2022-25027 allows remote attackers to bypass authentication, leading to unauthorized access to restricted pages.
Which versions of Rocket TRUfusion Portal are affected by CVE-2022-25027?
CVE-2022-25027 affects Rocket TRUfusion Portal versions prior to 7.9.5.1.
Is there a patch available for CVE-2022-25027?
Yes, a patch is available by upgrading to Rocket TRUfusion Portal version 7.9.5.1 or newer.
- agent/type
- agent/references
- agent/author
- agent/remedy
- agent/severity
- agent/first-publish-date
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/event
- vendor/rocketsoftware
- canonical/rocket software trufusion enterprise