A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: icscert
Published: 2017-10-17T22:00:00
Updated: 2024-08-05T19:13:41.890Z
Reserved: 2017-08-30T00:00:00
Link: CVE-2017-14013
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-10-17T22:29:00.400
Modified: 2024-11-21T03:11:57.897
Link: CVE-2017-14013
Redhat
No data.