8.8
CVE-2007-6763
- EPSS 0.49%
- Veröffentlicht 31.07.2019 18:15:10
- Zuletzt bearbeitet 21.11.2024 00:40:56
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginSAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sas ≫ Sas Drug Development Version < 32drg02
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.645 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.