CVE-2017-14013 Vulnerability Details

  /     /     /  

CVE-2017-14013 Metadata Quick Info

CVE Published: 17/10/2017 | CVE Updated: 05/08/2024 | CVE Year: 2017
Source: icscert | Vendor: n/a | Product: ProMinent MultiFLEX M10a Controller
Status : PUBLISHED

CVE-2017-14013 Description

A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user\'s session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-602
CWE Name: CWE-602
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).