2 matches found
CVE-2017-14013
The CVE-2017-14013 issue is confirmed in ProMinent MultiFLEX M10a Controller web interface, where the logout function removes the user’s session only on the client side (Client-Side Enforcement of Server-Side Security). This allows potential bypass of protection mechanisms and identity impersonat...
ProMinent MultiFLEX M10a Controller
CVSS v3 8.8 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: ProMinent Equipment: MultiFLEX M10a Controller Vulnerabilities: Client-Side Enforcement of Server-Side Security, Insufficient Session Expiration, Cross-Site Request Forgery, Information Exposure, and Unverified Passwo...