Description
GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the information via unspecified vectors.
References
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:grandit:grandit:1.6:*:*:*:*:*:*:*
cpe:2.3:a:grandit:grandit:2.0:*:*:*:*:*:*:*
cpe:2.3:a:grandit:grandit:2.1:*:*:*:*:*:*:*
cpe:2.3:a:grandit:grandit:2.2:*:*:*:*:*:*:*
cpe:2.3:a:grandit:grandit:2.3:*:*:*:*:*:*:*
cpe:2.3:a:grandit:grandit:3.0:*:*:*:*:*:*:*
EPSS
Percentile: 61%
0.00415
Low
6.5 Medium
CVSS3
6.4 Medium
CVSS2
Weaknesses
CWE-639
Related vulnerabilities
github
more than 3 years ago
GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the information via unspecified vectors.