
Description

Session Fixation vulnerabilities allow an attacker to fix a user's session identifier before login, providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

PUBLISHED Reserved 2024-11-18 | Published 2024-12-05 | Updated 2024-12-05 | Assigner ABB




CRITICAL: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N)

CRITICAL: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L)

Problem types

CWE-384 Session Fixation

Product status

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

Default status
unaffected

initial (custom)
affected

Credits

ABB likes to thank Gjoko Krstikj, Zero Science Lab, for reporting the vulnerabilities in responsible disclosure (finder)

References

search.abb.com/...guageCode=en&DocumentPartId=&Action=Launch

cve.org (CVE-2024-11317)

nvd.nist.gov (CVE-2024-11317)
