PT-2021-22250 · Unknown · Gfos Workforce Management

Alexis Pain · Published 2021-10-04 · Updated 2022-07-12 · CVE-2021-38618

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: GFOS Workforce Management version 4.8.272.1
Description: The login page of the application is prone to authentication bypass, allowing anyone who knows a user's credentials other than the password to gain access to that user's account. The flaw is caused by improper handling of the JSESSIONID session identifier.
Recommendations: For GFOS Workforce Management version 4.8.272.1, consider temporarily restricting access to the login page until a patch is available. As a mitigation measure, review how the application issues and validates JSESSIONID so that the session identifier is managed properly. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers: CVE-2021-38618

Affected Products: Gfos Workforce Management