CVE-2020-35358

Exploit

EPSS 1.48%
Veröffentlicht 15.03.2021 12:15:12
Zuletzt bearbeitet 21.11.2024 05:27:13
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

DomainMOD domainmod-v4.15.0 is affected by an insufficient session expiration vulnerability. On changing a password, both sessions using the changed password and old sessions in any other browser or device do not expire and remain active. Such flaws frequently give attackers unauthorized access to some system data or functionality.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Domainmod ≫ Domainmod Version4.15.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.48%	0.807

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

https://gist.github.com/anku-agar/0fec2ffd98308e550ce9b5d4b395d0d7

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-35358

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-35358

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-35358

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-35358