Lucene search
K

CVE-2024-4447

🗓️ 26 Jul 2024 02:02:32Reported by dotCMSType 
cve
 cve
🔗 web.nvd.nist.gov👁 80 Views🌐 WEB

UserSessionAjax.getSessionList.dwr exposes session IDs in the Logged Users tab in System → Maintenance tool

Related
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2024-4447
26 Jul 202402:15
attackerkb
Circl
CVE-2024-4447
26 Jul 202404:37
circl
CNNVD
DotCMS 安全漏洞
26 Jul 202400:00
cnnvd
Cvelist
CVE-2024-4447
26 Jul 202402:02
cvelist
EUVD
EUVD-2024-44066
3 Oct 202520:07
euvd
NVD
CVE-2024-4447
26 Jul 202402:15
nvd
Positive Technologies
PT-2024-31161
26 Jul 202400:00
ptsecurity
RedhatCVE
CVE-2024-4447
23 May 202507:38
redhatcve
Vulnrichment
CVE-2024-4447
26 Jul 202402:02
vulnrichment
[
  {
    "defaultStatus": "unaffected",
    "product": "dotCMS core",
    "vendor": "dotCMS",
    "versions": [
      {
        "lessThan": "23.01.20",
        "status": "affected",
        "version": "4.2.1",
        "versionType": "git"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
sessionIdpathUserSessionAjax.getSessionList.dwrExposure of session IDs via DWR leading to potential session impersonation.CWE-863
userIdpathUserAjax.getUsersList.dwrEnumeration of all users with IDs, names, and emails.CWE-863
namepathUserAjax.getUsersList.dwrEnumeration of all users with IDs, names, and emails.CWE-863
emailpathUserAjax.getUsersList.dwrEnumeration of all users with IDs, names, and emails.CWE-863
userIdpathRoleAjax.getUserRole.dwrRetrieval of user role information.CWE-863
roleIdpathRoleAjax.getRole.dwrRetrieval of role details.CWE-863
roleIdpathRoleAjax.getRolePermissions.dwrView permissions for a role.CWE-863
roleIdpathRoleAjax.isPermissionableInheriting.dwrCheck permission inheritance for a role.CWE-863
permissionIdpathRoleAjax.isPermissionableInheriting.dwrCheck permission inheritance for a role.CWE-863
roleIdpathRoleAjax.getCurrentCascadePermissionsJobs.dwrView permission cascade jobs for a role.CWE-863
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 08:01Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.19.9
EPSS0.00477
SSVC
80