admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2025/CVE-2025-223xx/CVE-2025-22386.json
cad-safe-bot a3043036d0 Auto-Update: 2025-01-12T03:00:19.531309+00:00
2025-01-12 03:03:49 +00:00

60 lines
2.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2025-22386",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-04T02:15:07.230",
"lastModified": "2025-01-06T16:15:32.707",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Optimizely Configured Commerce antes de la versi\u00f3n 5.2.2408. Existe un problema de sesi\u00f3n de gravedad media en la aplicaci\u00f3n Commerce B2B, que afecta la longevidad de las sesiones activas en la tienda. Esto permite que los tokens de sesi\u00f3n vinculados a sesiones cerradas sigan activos y se puedan usar."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://support.optimizely.com/hc/en-us/articles/32695284701069-Configured-Commerce-Security-Advisory-COM-2024-04",
"source": "cve@mitre.org"
}
]
}
Reference in New Issue View Git Blame Copy Permalink