CVE-2018-11385

HIGH Year: 2018
CVSS v3 Score
8.1
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-384
View all →

Vulnerability Description

An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. A session fixation vulnerability within the "Guard" login feature may allow an attacker to impersonate a victim towards the web application if the session id value was previously known to the attacker.

Related Vulnerabilities

CVE-2013-0507

HIGH
CVSS:8.1(High)

IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fixation Vulnerability

CWE-3842013

CVE-2016-0721

HIGH
CVSS:8.1(High)

Session fixation vulnerability in pcsd in pcs before 0.9.157.

CWE-3842016

CVE-2016-8609

HIGH
CVSS:8.1(High)

It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session....

CWE-3842016

CVE-2016-9981

HIGH
CVSS:8.1(High)

IBM AppScan Enterprise Edition 9.0 contains an unspecified vulnerability that could allow an attacker to hijack a valid user's session. IBM X-Force ID: 120257

CWE-3842016

CVE-2017-12619

HIGH
CVSS:8.1(High)

Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".

CWE-3842017

CVE-2017-14263

HIGH
CVSS:8.1(High)

Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManag...

CWE-3842017