CVE-2024-39275

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-539
View all →

Vulnerability Description

Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with a legitimate cookie, even if the session was terminated, allows an unauthorized attacker to act with the same level of privileges of the legitimate user.

Related Vulnerabilities

CVE-2025-27673

CRITICAL
CVSS:9.1(Critical)

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017.

CWE-5392025

CVE-2023-30861

HIGH
CVSS:7.5(High)

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy...

CWE-5392023

CVE-2025-27673

CRITICAL
CVSS:9.1(Critical)

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017.

CWE-5392025

CVE-2023-30861

HIGH
CVSS:7.5(High)

Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy...

CWE-5392023

CVE-2021-27463

MEDIUM
CVSS:5.3(Medium)

A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly...

CWE-5392021