3 matches found
CVE-2022-21652 Insufficient Session Expiration in shopware
Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account...
CVE-2022-21652 Insufficient Session Expiration in shopware
Shopware is an open source e-commerce software platform. In affected versions shopware would not invalidate a user session in the event of a password change. With version 5.7.7 the session validation was adjusted, so that sessions created prior to the latest password change of a customer account...
CVE-2022-21652
Shopware prior to 5.7.7 does not invalidate existing sessions on password change. In 5.7.7 the session validation was adjusted so that sessions created before the latest password change cannot be used to log in, and all existing sessions for that account are invalidated after a password change. R...