CVE-2024-42345

CVSS v3 Score: 4.3 (Medium)

Vulnerability Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi-factor authentication for user session establishment.

CVSS:4.3(Medium)

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force...

CVSS:4.3(Medium)

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This co...

CVSS:4.3(Medium)

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This ...

CVSS:4.3(Medium)

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the c...

CVSS:4.3(Medium)

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. IBM X-Force ID: 208341.

CVSS:4.3(Medium)

Session Fixation in GitHub repository filegator/filegator prior to 7.8.0.