Vulnerability Description
The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request.
CVSS Score
7.4
HIGH
AV:A/AC:M/Au:S/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lepide | Active Directory Self Service | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/78729
- http://www.zerodayinitiative.com/advisories/ZDI-15-621
- http://www.securityfocus.com/bid/78729
- http://www.zerodayinitiative.com/advisories/ZDI-15-621
FAQ
What is CVE-2015-8570?
CVE-2015-8570 is a vulnerability with a CVSS score of 7.4 (HIGH). The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request.
How severe is CVE-2015-8570?
CVE-2015-8570 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8570?
Check the references section above for vendor advisories and patch information. Affected products include: Lepide Active Directory Self Service.