CVE-2019-5638 Vulnerability Details

  /     /     /  

CVE-2019-5638 Metadata Quick Info

CVE Published: 21/08/2019 | CVE Updated: 16/09/2024 | CVE Year: 2019
Source: rapid7 | Vendor: Rapid7 | Product: Nexpose
Status : PUBLISHED

CVE-2019-5638 Description

Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user\'s password is changed by an administrator due to an otherwise unrelated credential leak, that user account\'s current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage.

Metrics

CVSS Version: 3.1 | Base Score: 8.7 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-613
CWE Name: CWE-613 Insufficient Session Expiration
Source: Rapid7

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2019-5638 Vulnerability Details