CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
AI Score confidence | Low |
EPSS percentile | 59.2% |

A vulnerability in the AbstractSessionListener component of the Symfony web application development and management platform is related to an incorrect authorization procedure. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to a user's session.

A vulnerability in the Symfony web application development and management software platform is related to incorrect session management. Exploitation of the vulnerability could allow an attacker acting remotely to launch a CSRF attack.

A vulnerability in the Symfony web application development and management software platform exists due to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker, acting remotely, to disclose protected information and perform phishing and drive-by download attacks.

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | php-symfony4 | < 4.4.50-2 | UNKNOWN |