CVE-2018-13337 : Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session co

Session Fixation in the web application for TerraMaster TOS version 3.1.03 allows attackers to control users' session cookies via JavaScript.

Published 2018-11-27 20:29:01

Updated 2018-12-21 18:42:53

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2018-13337

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 43 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
5.4	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	2.8	2.5	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE-384 Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

Assigned by: nvd@nist.gov (Primary)

Terra-master » Terramaster Operating System » Version: 3.1.03
cpe:2.3:o:terra-master:terramaster_operating_system:3.1.03:*:*:*:*:*:*:*
Matching versions