CVE-2023-41084

Critical

Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude…

icscert·CWE-565·Published 2023-09-18

CVSS

9.8

EPSS

0.01

KEV

Exploits

cve.orgen

200 chars

Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.

NVDen

200 chars

Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device.

NVDes

239 chars

** NO COMPATIBLE CUANDO ESTÁ ASIGNADO ** La gestión de sesiones dentro de la aplicación web es incorrecta y permite a los atacantes robar cookies de sesión para realizar multitud de acciones que la aplicación web permite en el dispositivo.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	10.0	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H