Engelsystem
CVE-2023-45659
LOW
Severity by source
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
Engelsystem is a shift planning system for chaos events. If a users' password is compromised and an attacker gained access to a users' account, i.e., logged in and obtained a session, an attackers' session is not terminated if the users' account password is reset. This vulnerability has been fixed in the commit dbb089315ff3d. Users are advised to update their installations. There are no known workarounds for this vulnerability.
AnalysisAI
Engelsystem is a shift planning system for chaos events. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-613. Engelsystem is a shift planning system for chaos events. If a users' password is compromised and an attacker gained access to a users' account, i.e., logged in and obtained a session, an attackers' session is not terminated if the users' account password is reset. This vulnerability has been fixed in the commit dbb089315ff3d. Users are advised to update their installations. There are no known workarounds for this vulnerability. Affected products include: Engelsystem.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Engelsystem
View allEngelsystem before commit hash 2e28336 allows CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely explo
Engelsystem is a shift planning system for chaos events. Rated low severity (CVSS 2.3), this vulnerability is low attack
Englesystem is a shift planning system for chaos events. Rated medium severity (CVSS 5.4), this vulnerability is remotel
Same weakness CWE-613 – Insufficient Session Expiration
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today