CVE-2022-44007

Exploit

EPSS 0.38%
Veröffentlicht 16.11.2022 22:15:11
Zuletzt bearbeitet 29.04.2025 21:15:49
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Backclick ≫ Backclick Version5.9.63 SwEditionprofessional

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.589

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037

Third Party Advisory

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-036.txt

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-44007

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-44007

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-44007

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-44007