{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T02:06:25.342","vulnerabilities":[{"cve":{"id":"CVE-2021-25957","sourceIdentifier":"vulnerabilitylab@mend.io","published":"2021-08-17T15:15:08.040","lastModified":"2024-11-21T05:55:40.397","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In “Dolibarr” application, v2.8.1 to v13.0.2 are vulnerable to account takeover via password reset functionality. A low privileged attacker can reset the password of any user in the application using the password reset link the user received through email when requested for a forgotten password."},{"lang":"es","value":"En la aplicación \"Dolibarr\", versiones v2.8.1 a v13.0.2, son vulnerables a la toma de cuenta por medio de la funcionalidad password reset. Un atacante poco privilegiado puede restablecer la contraseña de cualquier usuario de la aplicación usando el enlace de restablecimiento de contraseña que el usuario recibió mediante correo electrónico cuando se le solicitó una contraseña olvidada."}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","description":[{"lang":"en","value":"CWE-640"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-640"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:*","versionStartIncluding":"2.8.1","versionEndIncluding":"13.0.2","matchCriteriaId":"730BE634-E4DD-4AC7-89A0-74ED7ED1EB2D"}]}]}],"references":[{"url":"https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377","source":"vulnerabilitylab@mend.io","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25957","source":"vulnerabilitylab@mend.io","tags":["Third Party Advisory"]},{"url":"https://github.com/Dolibarr/dolibarr/commit/87f9530272925f0d651f59337a35661faeb6f377","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25957","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}