exploitDog

CVE-2022-44788

Опубликовано: 21 нояб. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login.

Ссылки

https://members.backbox.org/maggioli-appalti-contratti-multiple-vulnerabilities/
Exploit
Third Party Advisory
https://members.backbox.org/maggioli-appalti-contratti-multiple-vulnerabilities/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:maggioli:appalti_\&_contratti:9.12.2:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00291

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-384

CWE-384

Связанные уязвимости

GHSA-h8c4-2223-6jqc

CVSS3: 6.5

github

около 3 лет назад

An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login.

EPSS

Процентиль: 52%

0.00291

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-384

CWE-384