PT-2019-9096 · Bpc · Bpc Smartvista

Hai Dang Long

+2

·

Published

2019-04-30

·

Updated

2019-05-01

·

CVE-2018-15208

CVSS v3.1

7.5

High

VectorAV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions BPC SmartVista version 2
Description The issue concerns a session fixation problem via the JSESSIONID parameter.
Recommendations For version 2, consider restricting access to the JSESSIONID parameter to minimize the risk of exploitation.

Exploit

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2018-15208

Affected Products

Bpc Smartvista