Описание
An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization.
Ссылки
- Third Party AdvisoryVDB Entry
- MitigationThird Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:prominent:multiflex_m10a_controller_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:prominent:multiflex_m10a_controller:-:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00227
Низкий
5.6 Medium
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-613
CWE-613
Связанные уязвимости
CVSS3: 5.6
github
больше 3 лет назад
An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization.
EPSS
Процентиль: 45%
0.00227
Низкий
5.6 Medium
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-613
CWE-613