← volver
CVE-2021-38618

CVE-2021-38618

CVSS 7.4 HIGHEPSS 1.0%
In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.
CVSS:3.1/AC:H/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-38618https://excellium-services.com/cert-xlm-advisory/cve-2021-38618/