CVE-2021-38823 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-38823

CWE

https://cwe.mitre.org/data/definitions/613.html

The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.

Weakness

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Affected Software

Name	Vendor	Start Version	End Version
Icehrm	Icehrm	30.0.0.os (including)	30.0.0.os (including)

Potential Mitigations

References

https://www.navidkagalwalla.com/icehrm-vulnerabilities
https://www.navidkagalwalla.com/icehrm-vulnerabilities