Mangati NovoSGA User Creation new weak password_CVE-2025-11322

6.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Description

A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirmação da senha can lead to weak password requirements. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is regarded as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-11322

Source VulDB

Published Oct 6, 2025 at 05:32

Affected Product

Vendor Mangati

Product NovoSGA

Version 2.2.0

Affected Versions Mangati NovoSGA 2.2.0
Mangati NovoSGA 2.2.1
Mangati NovoSGA 2.2.2
Mangati NovoSGA 2.2.3
Mangati NovoSGA 2.2.4
Mangati NovoSGA 2.2.5
Mangati NovoSGA 2.2.6
Mangati NovoSGA 2.2.7
Mangati NovoSGA 2.2.8
Mangati NovoSGA 2.2.9
Mangati NovoSGA 2.2.10
Mangati NovoSGA 2.2.11
Mangati NovoSGA 2.2.12

CWE Classification

CWE-521

References

{
    "lastseen": "",
    "description": "A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page. Executing manipulation of the argument Senha/Confirma\u00e7\u00e3o da senha can lead to weak password requirements. The attack can be launched remotely. Attacks of this nature are highly complex. The exploitability is regarded as difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-10-06T05:32:05.987Z",
    "modified": "2025-10-06T05:32:05.987Z",
    "type": "cve",
    "title": "Mangati NovoSGA User Creation new weak password",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.327203\nhttps://vuldb.com/?ctiid.327203\nhttps://vuldb.com/?submit.664517\nhttps://github.com/marcelomulder/CVE/blob/main/NovoSga/CVE-2025-11322.md\nhttps://github.com/marcelomulder/CVE/blob/main/NovoSga/Weak%20Password%20Policy%20in%20Novosga.md",
    "id": "CVE-2025-11322",
    "bulletinFamily": "",
    "cwe": [
        "CWE-521"
    ],
    "cvelist": null,
    "sourceData": "Mangati NovoSGA 2.2.0\nMangati NovoSGA 2.2.1\nMangati NovoSGA 2.2.2\nMangati NovoSGA 2.2.3\nMangati NovoSGA 2.2.4\nMangati NovoSGA 2.2.5\nMangati NovoSGA 2.2.6\nMangati NovoSGA 2.2.7\nMangati NovoSGA 2.2.8\nMangati NovoSGA 2.2.9\nMangati NovoSGA 2.2.10\nMangati NovoSGA 2.2.11\nMangati NovoSGA 2.2.12",
    "sourceHref": "",
    "cvss": {
        "score": 6.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NovoSGA",
    "version": "2.2.0",
    "vendor": "Mangati",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}