CVE-2020-13229

High

An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is…

mitre·CWE-384·Published 2020-06-02

CVSS

8.8

EPSS

0.02

KEV

Exploits

cve.orgen

164 chars

An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token.

NVDen

164 chars

An issue was discovered in Sysax Multi Server 6.90. A session can be hijacked if one observes the sid value in any /scgi URI, because it is an authentication token.

NVDes

185 chars

Se detectó un problema en Sysax Multi Server versión 6.90. Una sesión puede ser secuestrada si uno observa el valor sid en cualquier URI /scgi, porque este es un token de autenticación.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H