How severe is CVE-2021-3844?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2021-3844?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2021-3844

MEDIUM Year: 2021

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-613

View all →

Vulnerability Description

Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. This vulnerability is mitigated by the use of the Platform Login feature. This issue is related to CVE-2019-5638.

CVE-2019-0015

MEDIUM

CVSS:5.4(Medium)

A vulnerability in the SRX Series Service Gateway allows deleted dynamic VPN users to establish dynamic VPN connections until the device is rebooted. A deleted dynamic VPN connection should be immedia...

CWE-6132019

CVE-2019-5531

MEDIUM

CVSS:5.4(Medium)

VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b,...

CWE-6132019

CVE-2020-1768

MEDIUM

CVSS:5.4(Medium)

The external frontend system uses numerous background calls to the backend. Each background request is treated as user activity so the SessionMaxIdleTime will not be reached. This issue affects: OTRS ...

CWE-6132020

CVE-2020-6291

MEDIUM

CVSS:5.4(Medium)

SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration

CWE-6132020

CVE-2022-23502

MEDIUM

CVSS:5.4(Medium)

TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functional...

CWE-6132022

CVE-2022-31677

MEDIUM

CVSS:5.4(Medium)

An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use thei...

CWE-6132022

CVE-2021-3844

Vulnerability Description

Related Vulnerabilities

CVE-2019-0015

CVE-2019-5531

CVE-2020-1768

CVE-2020-6291

CVE-2022-23502

CVE-2022-31677