An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.
Metrics
Affected Vendors & Products
References
History
Fri, 13 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Thu, 12 Dec 2024 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user. | |
Title | Broken Access Control | |
Weaknesses | CWE-384 | |
References |
|
MITRE
Status: PUBLISHED
Assigner: SEC-VLab
Published: 2024-12-12T13:24:16.685Z
Updated: 2024-12-13T16:31:07.480Z
Reserved: 2024-03-05T09:15:40.202Z
Link: CVE-2024-28144
Vulnrichment
Updated: 2024-12-13T16:30:47.105Z
NVD
Status : Awaiting Analysis
Published: 2024-12-12T14:15:22.330
Modified: 2024-12-13T17:15:06.197
Link: CVE-2024-28144
Redhat
No data.