CVE-2024-2639

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-384
View all →

Vulnerability Description

A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2017-1152

MEDIUM
CVSS:4.3(Medium)

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force...

CWE-3842017

CVE-2018-1485

MEDIUM
CVSS:4.3(Medium)

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This co...

CWE-3842018

CVE-2018-1626

MEDIUM
CVSS:4.3(Medium)

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This ...

CWE-3842018

CVE-2018-1948

MEDIUM
CVSS:4.3(Medium)

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the c...

CWE-3842018

CVE-2021-38869

MEDIUM
CVSS:4.3(Medium)

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341.

CWE-3842021

CVE-2022-1849

MEDIUM
CVSS:4.3(Medium)

Session Fixation in GitHub repository filegator/filegator prior to 7.8.0.

CWE-3842022