CVE-2020-5539

Medium

GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to…

jpcert·CWE-639·Published 2020-03-02

CVSS

6.5

EPSS

0.01

KEV

Exploits

cve.orgen

228 chars

GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the information via unspecified vectors.

NVDen

228 chars

NVDes

258 chars

GRANDIT versiones Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, y Ver.3.0, no administra apropiadamente las sesiones, permite a atacantes remotos suplantar un usuario arbitrario y luego alterar o divulgar la información por medio de vectores no especificados.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
3.1	Primary	NVD	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N