Описание
SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.20r (включая)
Одно из
cpe:2.3:a:serendipitynz:serene_bach:*:*:*:*:*:*:*:*
cpe:2.3:a:serendipitynz:serene_bach:1.18r:*:*:*:*:*:*:*
cpe:2.3:a:serendipitynz:serene_bach:1.19r:*:*:*:*:*:*:*
cpe:2.3:a:serendipitynz:serene_bach:2.05r:*:*:*:*:*:*:*
cpe:2.3:a:serendipitynz:serene_bach:2.08d:*:*:*:*:*:*:*
cpe:2.3:a:serendipitynz:serene_bach:2.09r:*:*:*:*:*:*:*
cpe:2.3:a:serendipitynz:serene_bach:3.00:beta023:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00675
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.
EPSS
Процентиль: 71%
0.00675
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other