nvd-json-data-feeds/CVE-2021/CVE-2021-259xx/CVE-2021-25992.json

{
  "id": "CVE-2021-25992",
  "sourceIdentifier": "vulnerabilitylab@mend.io",
  "published": "2022-02-10T10:15:13.973",
  "lastModified": "2022-02-22T21:48:06.750",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "In Ifme, versions 1.0.0 to v.7.33.2 don\u2019t properly invalidate a user\u2019s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks."
    },
    {
      "lang": "es",
      "value": "En Ifme, versiones 1.0.0 a v.7.33.2, no invalidan apropiadamente la sesi\u00f3n de un usuario incluso despu\u00e9s de que \u00e9ste haya iniciado la sesi\u00f3n. Esto hace posible que un atacante pueda reusar las cookies del administrador, ya sea por medio de un acceso local/de red o mediante otros hipot\u00e9ticos ataques"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "vulnerabilitylab@mend.io",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "vulnerabilitylab@mend.io",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-613"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:if-me:ifme:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "1.0.0",
              "versionEndIncluding": "7.33.2",
              "matchCriteriaId": "6E1D784A-C106-43D7-9302-4A4654BE9E7D"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/ifmeorg/ifme/commit/014f6d3526a594109d4d6607c2f30b1865e37611",
      "source": "vulnerabilitylab@mend.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25992",
      "source": "vulnerabilitylab@mend.io",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    }
  ]
}