{"id":"CVE-2023-36487","details":"The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account.","modified":"2026-05-18T05:55:29.014270364Z","published":"2023-06-29T00:00:00Z","database_specific":{"cna_assigner":"mitre","unresolved_ranges":[{"extracted_events":[{"introduced":"7.0_beta1"},{"fixed":"7.20"},{"introduced":"8.0_beta1"},{"fixed":"8.1"}],"source":"DESCRIPTION"}],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36487.json"},"references":[{"type":"WEB","url":"https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141694&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI"},{"type":"WEB","url":"https://docu.ilias.de/ilias.php?ref_id=1719&obj_id=141703&obj_type=PageObject&cmd=layout&cmdClass=illmpresentationgui&cmdNode=13g&baseClass=ilLMPresentationGUI"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/36xxx/CVE-2023-36487.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36487"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ilias-elearning/ilias","events":[{"introduced":"a69e33436c7961b4ae12398300443d952e02f4f2"},{"last_affected":"ea045cccce3d8f7aae662bacb172864c0da1bc84"},{"introduced":"8ae8387e9d7f958cf88a9dd37fd542195a473dd1"},{"last_affected":"75c144b931383a25f77dd79aea91b5d5fb039ca9"}],"database_specific":{"extracted_events":[{"introduced":"7.0"},{"last_affected":"7.20"},{"introduced":"8.0"},{"last_affected":"8.1"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:ilias:ilias:*:*:*:*:*:*:*:*"}}],"versions":["v7.20","v7.19","v7.18","v7.17","v7.14","v7.13","v7.10","v7.9","v7.6","v7.4","v7.3","v7.2","v7.1","v7.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-36487.json"}}],"schema_version":"1.7.5"}