3 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the session management API due to a missing permission check. An attacker can impersonate other users and access sensitive resources by updating sessions if they know the session ID. Remediation Upgrade...
PT-2023-23982 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 Splunk Cloud Platform versions prior to 9.0.2303.100 Description: An unauthorized user can access the...
CVE-2022-44007
An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...