Описание
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session.
Уязвимые конфигурации
Конфигурация 1Версия от 11.5 (включая) до 12.0.2 (исключая)
cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.00206
Низкий
3.9 Low
CVSS3
7.5 High
CVSS3
Дефекты
CWE-384
CWE-613
Связанные уязвимости
CVSS3: 3.9
github
почти 2 года назад
Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session.
EPSS
Процентиль: 43%
0.00206
Низкий
3.9 Low
CVSS3
7.5 High
CVSS3
Дефекты
CWE-384
CWE-613