CVE-2022-4231

MEDIUM Year: 2022
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-384
View all →

Vulnerability Description

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.

Related Vulnerabilities

CVE-2014-125048

MEDIUM
CVSS:5.4(Medium)

A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session ...

CWE-3842014

CVE-2017-2145

MEDIUM
CVSS:5.4(Medium)

Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows remote attackers to perform arbitrary operations via unspecified vectors.

CWE-3842017

CVE-2018-1000409

MEDIUM
CVSS:5.4(Medium)

A session fixation vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java that prevented Jenkins from invalida...

CWE-3842018

CVE-2018-13337

MEDIUM
CVSS:5.4(Medium)

Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.

CWE-3842018

CVE-2018-18380

MEDIUM
CVSS:5.4(Medium)

A Session Fixation issue was discovered in Bigtree before 4.2.24. admin.php accepts a user-provided PHP session ID instead of regenerating a new one after a user has logged in to the application. The ...

CWE-3842018

CVE-2019-10158

MEDIUM
CVSS:5.4(Medium)

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

CWE-3842019