Lucene search
HistoryMay 14, 2024 - 9:15 p.m.
CVE-2024-31556
cve-2024-31556
local attacker
arbitrary code
sensitive information
sessionid function
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
High
An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function.
Related
veracode
veracode
Improper Session Management
2024-05-15 06:18:40
github
github
Reportico Web fails to invalidate cookies upon logout
2024-05-14 21:34:44
cvelist
cvelist
CVE-2024-31556
1976-01-01 00:00:00
osv
osv
Reportico Web fails to invalidate cookies upon logout
2024-05-14 21:34:44
CVE-2024-31556
2024-05-14 21:15:12
cve
cve
CVE-2024-31556
2024-05-14 21:15:12
vulnrichment
vulnrichment
CVE-2024-31556
1976-01-01 00:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
6.9
Confidence
High
Related for NVD:CVE-2024-31556