9.1
CVE-2021-21308
- EPSS 0.31%
- Veröffentlicht 26.02.2021 20:15:12
- Zuletzt bearbeitet 21.11.2024 05:47:59
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginImproper session management for soft logout
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in 1.7.7.2
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Prestashop ≫ Prestashop Version > 1.5.0.0 < 1.7.7.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.542 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:P/I:P/A:N
|
| security-advisories@github.com | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.