EPSS
Percentile
41.1%
sm-shop-model is vulnerable to insufficient session expiration. Resetting password by an administrator or user is not invalidating the current logged in session due to lack of sufficient session expiry.
github.com/shopizer-ecommerce/shopizer/blob/3.0.1/sm-shop/src/main/java/com/salesmanager/shop/store/api/v1/customer/AuthenticateCustomerApi.java#L213-L237
www.whitesourcesoftware.com/vulnerability-database/CVE-2022-23063