Security Advisory

CVE-2023-28395

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-03-28 19:59:29

Last updated 2025-01-16 21:38:44

Assigner icscert

State PUBLISHED

Description

Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product.

← Browse all CVEs View on cve.org ↗