CVE-2022-4231

Опубликовано: 30 нояб. 2022

Источник: nvd

CVSS3: 4.2

CVSS3: 5.4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.

Ссылки

https://github.com/lithonn/bug-report/tree/main/vendors/tribalsystems/zenario/session-fixation
Exploit
Third Party Advisory
https://vuldb.com/?id.214589
Third Party Advisory
https://github.com/lithonn/bug-report/tree/main/vendors/tribalsystems/zenario/session-fixation
Exploit
Third Party Advisory
https://vuldb.com/?id.214589
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tribalsystems:zenario:9.3.57595:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00202

Низкий

4.2 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-384

Связанные уязвимости

GHSA-6657-9743-4mc6

CVSS3: 5.4

github

около 3 лет назад

Tribal Systems Zenario CMS vulnerable to Session Fixation

EPSS

Процентиль: 42%

0.00202

Низкий

4.2 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-384