3 matches found
CVE-2017-14007
An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization...
CVE-2017-14007
CVE-2017-14007 affects the ProMinent MultiFLEX M10a Controller web interface. The issue is Insufficient Session Expiration: a user’s session remains usable beyond the last activity, allowing an attacker to reuse an old session for authorization. Public sources (NVD) document the vulnerability wit...
ProMinent MultiFLEX M10a Controller
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: ProMinent Equipment: MultiFLEX M10a Controller Vulnerabilities: Client-Side Enforcement of Server-Side Security, Insufficient Session Expiration, Cross-Site Request Forgery, Information Exposure, and Unverified Passwo...