Netsia SEBA+ up to 0.16.1 Build 70-e669dcd7 allActiveSession information disclosure


A vulnerability has been found in Netsia SEBA+ up to 0.16.1 Build 70-e669dcd7 and classified as problematic. Affected by this vulnerability is an unknown code block of the file /session/list/allActiveSession. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product.

| Field | 01/17/2021 09:34 AM | 02/15/2021 03:01 AM | 02/15/2021 03:04 AM |
|---|---|---|---|
| vendor | Netsia | Netsia | Netsia |
| name | SEBA+ | SEBA+ | SEBA+ |
| version | <=0.16.1 Build 70-e669dcd7 | <=0.16.1 Build 70-e669dcd7 | <=0.16.1 Build 70-e669dcd7 |
| file | /session/list/allActiveSession | /session/list/allActiveSession | /session/list/allActiveSession |
| cwe | 200 (information disclosure) | 200 (information disclosure) | 200 (information disclosure) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | H | H | H |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| url | https://www.pentest.com.tr/exploits/Netsia-SEBA-0-16-1-Authentication-Bypass-Add-Root-User-Metasploit.html | https://www.pentest.com.tr/exploits/Netsia-SEBA-0-16-1-Authentication-Bypass-Add-Root-User-Metasploit.html | https://www.pentest.com.tr/exploits/Netsia-SEBA-0-16-1-Authentication-Bypass-Add-Root-User-Metasploit.html |
| cve | CVE-2021-3113 | CVE-2021-3113 | CVE-2021-3113 |
| date | 1610838000 (01/17/2021) | 1610838000 (01/17/2021) | 1610838000 (01/17/2021) |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | H | H | H |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | X | X | X |
| cvss3_vuldb_rc | X | X | X |
| cvss2_vuldb_basescore | 2.6 | 2.6 | 2.6 |
| cvss2_vuldb_tempscore | 2.6 | 2.6 | 2.6 |
| cvss3_vuldb_basescore | 3.7 | 3.7 | 3.7 |
| cvss3_vuldb_tempscore | 3.7 | 3.7 | 3.7 |
| cvss3_meta_basescore | 3.7 | 3.7 | 5.6 |
| cvss3_meta_tempscore | 3.7 | 3.7 | 5.6 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1610060400 | 1610060400 |
| cve_nvd_summary | | Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and can then use that cookie immediately for admin access, | Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and can then use that cookie immediately for admin access, |
| exploitdb | | 49435 | 49435 |
| cvss3_nvd_a | | | N |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | N |
| cvss2_nvd_ai | | | N |
| cvss2_nvd_basescore | | | 5.0 |
| cvss3_nvd_basescore | | | 7.5 |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | N |
