Description
Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote, unauthenticated attacker can use prior sessions because session attributes are not invalidated.
References
- Third Party Advisory
- Patch
- Patch
- Patch
- Issue Tracking
- Patch, Vendor Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
Version before 7.7.4 (excluding)
One of
cpe:2.3:a:enonic:xp:*:*:*:*:*:*:*:*
cpe:2.3:a:enonic:xp:7.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:enonic:xp:7.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:enonic:xp:7.8.0:beta3:*:*:*:*:*:*
cpe:2.3:a:enonic:xp:7.8.0:rc1:*:*:*:*:*:*
cpe:2.3:a:enonic:xp:7.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:enonic:xp:7.8.0:rc3:*:*:*:*:*:*
EPSS
Percentile: 79%
0.01219
Low
9.8 Critical
CVSS3
Weaknesses
CWE-384
Related vulnerabilities
CVSS3: 9.8
github
more than 3 years ago
com.enonic.xp:lib-auth vulnerable to Session Fixation