← voltar
CVE-2021-38618

CVE-2021-38618

CVSS 7.4 HIGHEPSS 1.0%
In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.
CVSS:3.1/AC:H/AV:N/A:N/C:H/I:H/PR:N/S:U/UI:N
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-38618https://excellium-services.com/cert-xlm-advisory/cve-2021-38618/