CVE-2020-23140

{"id": "CVE-2020-23140", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2020-11-09T18:15:12.573", "references": [{"url": "https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active."}, {"lang": "es", "value": "Microweber versi\u00f3n 1.1.18, est\u00e1 afectado por una expiraci\u00f3n insuficiente de la sesi\u00f3n. Cuando se cambian contrase\u00f1as, tanto las sesiones para cuando un usuario cambia de correo electr\u00f3nico como las sesiones antiguas en cualquier otro navegador o dispositivo, la sesi\u00f3n no caduca y permanece activa"}], "lastModified": "2024-11-21T05:13:35.890", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microweber:microweber:1.1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6DAE125-91CC-41A3-BD93-934FE836E810"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}