CNNVD-202511-977 Information

CNNVD ID

CNNVD-202511-977

Related CVE

CVE-2025-12866

• CNNVD Published: 2025-11-10

Description (Chinese)

Hundred Plus EIP Plus是中国台湾百加资通（Hundred Plus）公司的一个企业管理软件。 Hundred Plus EIP Plus存在授权问题漏洞，该漏洞源于密码恢复机制薄弱，可能导致未经身份验证的远程攻击者预测或暴力破解密码重置链接。

Description (English)

Hundred Plus EIP Plus is an enterprise management software of the Hongred Plus Corporation of China. Hundred Plus EIP Plus has a mandate gap, which stems from weak password restoration mechanisms, which may lead to unidentified long-range attackers predicting or violently breaking passwords to reset links.

Hazard Level

Low

Vulnerability Type

授权问题

Affected Vendor

百加资通

Published

2025-11-10

Last Modified

2026-02-24

References

https://www.twcert.org.tw/en/cp-139-10491-004b0-2.html https://www.twcert.org.tw/tw/cp-132-10490-2534b-1.html

Patch

https://www.hundredplus.com/portal/en/productservice/officeplus/eipplus/