Advisories for Maven/Org.silverpeas.core/Silverpeas-Core package

An issue in the password change function of Silverpeas v6.4.2 and lower allows for the bypassing of password complexity requirements.

Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access.

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.