Lucene search

MitreCVELIST:CVE-2021-38618

HistoryOct 04, 2021 - 5:23 p.m.

CVE-2021-38618

2021-10-0417:23:49

mitre

www.cve.org

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.1%

JSON

In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user’s credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.

References

excellium-services.com/cert-xlm-advisory/cve-2021-38618/

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

8.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.1%

JSON

Related for CVELIST:CVE-2021-38618