CVE-2021-3113

Опубликовано: 17 янв. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and can then use that cookie immediately for admin access,

Ссылки

https://www.exploit-db.com/exploits/49435
Exploit
Third Party Advisory
VDB Entry
https://www.netsia.com/#netsiaseba
Vendor Advisory
https://www.pentest.com.tr/exploits/Netsia-SEBA-0-16-1-Authentication-Bypass-Add-Root-User-Metasploit.html
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/49435
Exploit
Third Party Advisory
VDB Entry
https://www.netsia.com/#netsiaseba
Vendor Advisory
https://www.pentest.com.tr/exploits/Netsia-SEBA-0-16-1-Authentication-Bypass-Add-Root-User-Metasploit.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:netsia:seba\+:*:*:*:*:*:*:*:*

Версия до 0.16.1 (включая)

EPSS

Процентиль: 74%

0.00836

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-425

Связанные уязвимости

GHSA-64f9-rvmm-2r5q