OSV:GHSA-G6VM-3CH8-C6JQ (osv, Google)
History: Sep 06, 2022 - 12:00 a.m.

Apache IoTDB Session Fixation vulnerability

2022-09-06 00:00:27
Source: Google (osv.dev)
Tags: apache, iotdb, vulnerability, session fixation, upgrade, software

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.016 Low
Percentile: 87.6%

Apache IoTDB version 0.13.0 is vulnerable to a session ID attack. Users should upgrade to version 0.13.1, which addresses this issue.
