Lucene search
HistoryMay 30, 2014 - 2:55 p.m.
CVE-2013-6788
bitrix
e-store
module
vulnerability
14.0.1
bitrix site manager
remote attack
authentication bypass
7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.9%
The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bitrix:bitrix_e-store_module | bitrix bitrix e-store module | le | 14.0.0 |
Related
seebug
seebug
Bitrix Site Managerη¨ζ·θΊ«δ»½ζ¬ΊιͺζΌζ΄
2013-12-16 00:00:00
securityvulns
securityvulns
User Identity Spoofing in Bitrix Site Manager
2014-01-09 00:00:00
packetstorm
packetstorm
Bitrix Site Manager 12.5.13 Insufficient Verification
2013-12-16 00:00:00
prion
prion
Authentication flaw
2014-05-30 14:55:00
htbridge
htbridge
User Identity Spoofing in Bitrix Site Manager
2013-11-06 00:00:00
7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.9%
Related for CVE-2013-6788