Security Advisory

CVE-2021-3113

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-01-17 02:33:24

Last updated 2024-08-03 16:45:51

Assigner mitre

State PUBLISHED

Description

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admins cookie if the admin account happens to be logged in when the allActiveSession request occurs, and can then use that cookie immediately for admin access,

← Browse all CVEs View on cve.org ↗