Lucene search
K

61 matches found

BDU FSTEC
BDU FSTEC
added 2023/10/06 12:0 a.m.8 views

The vulnerability of the software for centralized logging, analysis, and storage of logs by Graylog, related to incorrect session duration settings, allows a hacker to intercept a user’s session.

The vulnerability of the Graylog log collection, analysis, and storage software lies in the incorrect duration of the session. Exploiting this vulnerability allows a remote attacker to intercept the user’s session...

3.1CVSS5.4AI score0.00411EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/09/19 12:0 a.m.7 views

The vulnerability of the QMS.Mobile module of the quality management software for automobile manufacturers allows a violator to intercept an active session.

The vulnerability of the QMS.Mobile module of the quality management software for automobile manufacturers, QMS Automotive, is related to incorrect session duration. Exploiting this vulnerability could allow an attacker to intercept the active session...

3.9CVSS5.5AI score0.00144EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/11 12:0 a.m.8 views

The vulnerability of the Admidio membership management and access control application lies in its incorrect session duration, which allows attackers to gain access to confidential information and arbitrary functions of the application.

The vulnerability of the Admidio membership management and access control application is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to confidential information and arbitrary functions of the application...

6.5CVSS6.7AI score0.00507EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/08/01 12:0 a.m.6 views

The vulnerability of the command-line interface of FortiOS operating systems allows a hacker to execute arbitrary commands.

The vulnerability of the command-line interface in FortiOS systems is related to incorrect session duration settings. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9.8CVSS8.1AI score0.00506EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/05/17 12:0 a.m.7 views

The vulnerability of the 389 Directory Server’s authentication process, related to incorrect session duration, allows attackers to gain access to confidential data.

The vulnerability of the 389 Directory Server’s authentication service is related to an incorrect session duration. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...

6.8CVSS6.8AI score0.01531EPSS
Exploits2References11Affected Software3
BDU FSTEC
BDU FSTEC
added 2023/04/04 12:0 a.m.6 views

The vulnerability of the command-line interface of ArubaOS allows a hacker to continue the session on a vulnerable device after removing the affected account.

The vulnerability of the command-line interface of ArubaOS systems is related to incorrect session duration settings. Exploiting this vulnerability allows a remote attacker to continue the session on a vulnerable device after deleting the affected account...

9.3CVSS5.5AI score0.00443EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/03/23 12:0 a.m.7 views

The vulnerability of the EcoStruxure Power Monitoring Expert software lies in its incorrect session duration, which allows an intruder to gain unauthorized access to protected information.

The vulnerability of the EcoStruxure Power Monitoring Expert software is related to incorrect session duration settings. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

6.7CVSS7.6AI score0.00318EPSS
Exploits0References2Affected Software1
Citrix
Citrix
added 2023/03/22 12:0 a.m.9 views

Anonymous LOGOUT logs explanation

ns.log: Dec 31 16:13:57 172.31.248.107 12/31/2022:08:13:57 GMT PHQCXADC01 0-PPE-0 : default SSLVPN Message 263167 0 : "Created nFactor session for user Anonymous" Dec 31 16:13:57 172.31.248.107 12/31/2022:08:13:57 GMT PHQCXADC01 0-PPE-0 : default SSLVPN Message 263174 0 : "AAAD API:...

7.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/11/23 12:0 a.m.11 views

The vulnerability of Websoft HCM’s automation software for HR processes lies in the incorrect expiration time of sessions. This allows attackers to reuse the session credentials to access user information.

The vulnerability of Websoft HCM’s automation software for HR processes is related to incorrect session duration settings. Exploiting this vulnerability allows a malicious actor to repeatedly use session credentials to access user information...

5.9CVSS5.5AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/16 4:7 p.m.31 views

Security Bulletin: Mitigations are being announced to address CVE-2020-4839 and CVE-2021-29695

Summary IBM products 8335-GCA, 8335-GTA, and 8335-GTB have identified security vulnerabilities. Vulnerability Details CVEID:CVE-2020-4839 DESCRIPTION: IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged...

8.5CVSS5.7AI score0.02274EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/30 12:0 a.m.7 views

The vulnerability of the BD Synapsys software lies in its incorrect session duration, which allows a perpetrator to gain access, modify, or delete confidential information.

The vulnerability of the BD Synapsys software lies in the incorrect duration of a session. Exploiting this vulnerability can allow an attacker to gain access, modify, or delete confidential information...

6.2CVSS6.1AI score0.00223EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/08/24 12:0 a.m.5 views

The instability of the BigBlueButton server interface’s greenlight feature, related to the incorrect session duration, allows a violator to increase their privileges.

The vulnerability of the BigBlueButton greenlight server interface is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

9CVSS5.5AI score0.0041EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/29 12:0 a.m.10 views

The vulnerability of the Microsoft Office 365 software is related to incorrect session duration settings, which allows attackers to gain unauthorized access to protected information.

The vulnerability of the Microsoft Office 365 software package is related to incorrect session duration settings. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

6.5CVSS5.5AI score
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2022/02/17 12:0 a.m.13 views

The vulnerability of the CGI program of the Zyxel NBG6604 switch, related to incorrect session duration, allows attackers to gain access to the device.

The vulnerability of the CGI program of the Zyxel NBG6604 switch is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor to gain access to the device by intercepting the authentication token...

9.4CVSS7.7AI score0.01044EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/08/09 12:0 a.m.6 views

A vulnerability in the web interface for managing Microprogramming Software on Cisco Small Business 220 Series Smart routers exists. This vulnerability is related to an incorrect session duration, which allows a perpetrator to bypass authentication procedures, gain unauthorized access to the device’s web interface, and perform arbitrary actions with administrator privileges.

The vulnerability of the web interface for managing Microprogramming Software on Cisco Small Business 220 Series Smart routers is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor to bypass authentication procedures, gain unauthorized access to...

9.3CVSS7.2AI score0.01387EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2020/06/05 12:0 a.m.5 views

The vulnerability of the FreeIPA server relates to the incorrect duration of a session, which allows a perpetrator to gain access to the session.

The vulnerability of the FreeIPA server is related to the incorrect duration of the session. Exploiting this vulnerability can allow a hacker to gain access to the session...

6.6CVSS5.8AI score0.00336EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2020/01/13 12:0 a.m.7 views

The vulnerability of the management tools for virtual infrastructure, such as VMware vCenter Server and VMware ESXi hypervisor, is related to incorrect session duration settings, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the management tools for virtual infrastructure, such as VMware vCenter Server and VMware ESXi hypervisor, is related to incorrect session duration settings. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protecte...

6.4CVSS6.6AI score0.00967EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2019/12/09 12:0 a.m.8 views

The vulnerability of the microprogramming software of the Intel Baseboard Management Controller (BMC) relates to incorrect session duration settings. This allows a perpetrator to disclose protected information or cause service failures.

The vulnerability of the microprogramming software of the Intel Baseboard Management Controller BMC is related to incorrect session duration. Exploiting this vulnerability can allow a malicious actor to disclose protected information or cause service failures...

8.1CVSS7.3AI score0.01255EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2019/09/19 7:37 a.m.4 views

HTTP/2: 0-length headers lead to denial of service

A flaw was found in HTTP/2. An attacker, sending a stream of header with a 0-length header name and a 0-length header value, could cause some implementations to allocate memory for these headers and keep the allocations alive until the session dies. The can consume excess memory, potentially...

7.5CVSS7.1AI score0.56262EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2019/08/22 12:0 a.m.10 views

The vulnerability in the TokenBasedRememberMeServices2.java component of the Jenkins automation server allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the TokenBasedRememberMeServices2.java component located at core/src/main/java/hudson/security/TokenBasedRememberMeServices2.java in the Jenkins automation server is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor, operati...

9CVSS5.5AI score0.01545EPSS
Exploits0References5Affected Software2
Rows per page
Query Builder