Lucene search
Veracode Vulnerability DatabaseVERACODE:36957HistorySep 06, 2022 - 11:15 a.m.
Insecure Session Management
2022-09-0611:15:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
apache iotdb
session management
validation vulnerability
authentication
session id attack
0.016 Low
EPSS
Percentile
87.6%
org.apache.iotdb:iotdb-server uses insecure session management. Lack of proper validation of session ID at checkLogin function allows an attacker to bypass the intended authentication behavior through a session id attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| iotdb server | eq | 0.13.0 | |
| iotdb server | eq | 0.13.0 |
Related
cve
cve
CVE-2022-38369
2022-09-05 10:15:09
nvd
nvd
CVE-2022-38369
2022-09-05 10:15:09
github
github
Apache IoTDB Session Fixation vulnerability
2022-09-06 00:00:27
cnvd
cnvd
Apache IoTDB Licensing Issue Vulnerability (CNVD-2022-69472)
2022-09-16 00:00:00
prion
prion
Session fixation
2022-09-05 10:15:00
osv
osv
Apache IoTDB Session Fixation vulnerability
2022-09-06 00:00:27
cvelist
cvelist
CVE-2022-38369 Login check vulnerability by session Id
2022-09-05 09:50:09