Description
The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
Version up to 14.0.0 (inclusive)
Version up to 12.5.13 (inclusive)
Simultaneously
cpe:2.3:a:bitrix:bitrix_e-store_module:*:*:*:*:*:*:*:*
cpe:2.3:a:bitrix:bitrix_site_manager:*:*:*:*:*:*:*:*
EPSS
Percentile: 62%
0.00433
Low
7.5 High
CVSS2
Weaknesses
CWE-287
Related vulnerabilities
github
more than 3 years ago
The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.