Lucene search
Veracode Vulnerability DatabaseVERACODE:34596HistoryMar 10, 2022 - 7:34 a.m.
Session Fixation
2022-03-1007:34:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
0.001 Low
EPSS
Percentile
31.3%
shopware/platform is vulnerable to session fixation. Remote unauthenticated attackers are able to gain access to guest sessions because the sessions are shared between customers when HTTP cache is enabled, resulting in inconsistent experiences for guest users.
| CPE | Name | Operator | Version |
|---|---|---|---|
| shopware/platform | le | 6.4.8.1 | |
| shopware/storefront | le | 6.4.8.1 | |
| shopware/platform | le | 6.4.8.1 | |
| shopware/storefront | le | 6.4.8.1 |
Related
cnvd
cnvd
Shopware Access Control Error Vulnerability
2022-03-11 00:00:00
prion
prion
Design/Logic Flaw
2022-03-09 23:15:00
nvd
nvd
CVE-2022-24745
2022-03-09 23:15:08
github
github
Shopware guest session is shared between customers
2022-03-10 17:28:55
osv
osv
CVE-2022-24745
2022-03-09 23:15:08
Shopware guest session is shared between customers
2022-03-10 17:28:55
cve
cve
CVE-2022-24745
2022-03-09 23:15:08
cvelist
cvelist
CVE-2022-24745 Guest session is shared between customers in shopware
2022-03-09 22:25:28