3 matches found
CVE-2021-3113
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...
CVE-2021-3113
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, a...
CVE-2021-3113
Summary: CVE-2021-3113 affects Netsia SEBA+ up to version 0.16.1 build 70-e669dcd7. A direct request to /session/list/allActiveSession can disclose session cookies, potentially exposing an admin’s cookie and enabling admin access if an admin is logged in at the time of the request. Impact (as sta...