exploitDog

CVE-2023-37570

Опубликовано: 08 авг. 2023

Источник: nvd

CVSS3: 7.2

CVSS3: 8.8

EPSS Низкий

Описание

This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. By reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system.

Ссылки

https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226
Third Party Advisory
https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:esds.co:emagic_data_center_management:*:*:*:*:*:*:*:*

Версия до 6.0 (включая)

EPSS

Процентиль: 47%

0.00241

Низкий

7.2 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-613

CWE-613

Связанные уязвимости

GHSA-9rpj-r444-xvp8

CVSS3: 7.2

github

больше 2 лет назад

This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. By reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system.

EPSS

Процентиль: 47%

0.00241

Низкий

7.2 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-613

CWE-613