Primary

Context

PMWeb Weak Password Policy Vulnerability

Vulnerability

A vulnerability in PMWeb version 7.2.0 has been identified, specifically within the Setting Handler component. This vulnerability introduces weak password requirements, potentially allowing for easier unauthorized access. The issue can be exploited remotely, although the complexity of the attack is considered high, making exploitation difficult.

Impact

Exploitation of this vulnerability could lead to unauthorized access due to weak password policies, allowing attackers to bypass authentication mechanisms.

Remediation

Users are advised to review and modify configuration settings to enforce stronger password policies.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

0.6

exploitability

7.4

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

0.6

exploitability

7.4

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PMWeb Weak Password Policy Vulnerability

Vulnerability

Impact

Remediation

Affected Products

PMWeb

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating