PT-2021-9705 · Hcl · Hcl Onetest Performance

Published: 2021-02-04 · Updated: 2021-02-09 · CVE-2020-14247

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

HCL OneTest Performance versions 9.5 through 10.1

Description

The issue is related to an inadequate session timeout, which could allow an attacker time to guess and use a valid session ID.

Recommendations

For versions 9.5 through 10.1, consider implementing a more secure session timeout mechanism to minimize the risk of session ID guessing. As a temporary workaround, restrict access to sensitive areas of the application that rely on session IDs until a more secure timeout mechanism is implemented. Avoid using predictable or easily guessable session IDs in the affected versions until the issue is resolved.

Fix

Insufficient Session Expiration


Weakness Enumeration

Related Identifiers

CVE-2020-14247

Affected Products

Hcl Onetest Performance