CVE Vulnerabilities

CVE-2024-11317

Session Fixation

Published: Dec 05, 2024 | Modified: Feb 27, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.  Affected products:

ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Weakness

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Affected Software

Name Vendor Start Version End Version
Aspect-ent-2_firmware Abb * 3.08.03 (excluding)

Extended Description

Such a scenario is commonly observed when:

Potential Mitigations

References