CVE-2024-23586

EPSS 0.38%
Veröffentlicht 27.09.2024 22:15:12
Zuletzt bearbeitet 07.10.2024 15:30:56
Quelle psirt@hcl.com
CVE-Watchlists
Login
Unerledigt
Login

An insufficient session timeout vulnerability affects HCL Nomad server on Domino

HCL Nomad is susceptible to an insufficient session expiration vulnerability.   Under certain circumstances, an unauthenticated attacker could obtain old session information.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hcltech ≫ Hcl Nomad SwPlatform- Version < 1.0.13

Hcltech ≫ Domino Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.588

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
psirt@hcl.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0115264

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-23586

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-23586

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-23586

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-23586