PT-2022-2699 · Johnson Controls · Metasys Application/Data Server, Metasys Extended Application/Data Server, Metasys Open Application Server

Published

2022-04-14

·

Updated

2022-04-25

·

CVE-2021-36205

CVSS v3.1

9.8

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Metasys Application and Data Server (ADS), affected versions not specified
Metasys Extended Application and Data Server (ADX), affected versions not specified
Metasys Open Application Server (OAS), affected versions not specified
Description The vulnerability is caused by incomplete session token clearance. Under certain circumstances the session token is not cleared on logout, so a token that was issued to an authenticated user stays valid after that user has logged out and could be obtained and reused by a remote attacker to act as that user.

Recommendations The root cause is the same in all three products (ADS, ADX and OAS): logout removes the token from the client but does not invalidate it on the server, so any copy of the token that an attacker has captured (from a shared workstation, a browser cache, a proxy log) can be replayed until it expires. Until a vendor fix is applied, restrict network access to the ADS/ADX/OAS web interface to trusted management networks, keep session lifetimes short so that a leaked token expires quickly, and instruct users to close the browser after logging out so that the token does not remain on the client. Verify any fix or workaround by capturing a session token, logging out and replaying the token against a page that requires authentication: the server must reject it. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
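To make the defect class and the verification step concrete, the following is an added example (not code from this advisory, from Johnson Controls or from Metasys): a minimal in-memory session store whose logout can either forget the server-side token (the vulnerable behaviour described above) or invalidate it, plus a replay check that distinguishes the two. The same check is also written against a live HTTP server; its endpoint URLs and cookie name are parameters, because the advisory does not name them. `SessionStore`, `token_replays_after_logout` and `http_token_replays_after_logout` are hypothetical names.

```python
"""
Illustrative model of the bug class in this advisory: a logout that clears the
browser cookie but leaves the server-side session token valid, beside a logout
that invalidates it, and a replay check that tells the two apart.

Added example code, not Metasys code. The class, the token format and the
HTTP endpoint parameters are hypothetical.
"""
import secrets
import time
import urllib.error
import urllib.request


class SessionStore:
    """In-memory session store keyed by bearer token."""

    def __init__(self, ttl_seconds=3600, clear_on_logout=True):
        self._sessions = {}          # token -> (user, expires_at)
        self.ttl = ttl_seconds
        # False reproduces the vulnerable behaviour: logout only tells the
        # client to drop the cookie and never invalidates the token server-side.
        self.clear_on_logout = clear_on_logout

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, time.time() + self.ttl)
        return token

    def authenticate(self, token):
        """Return the user bound to a token, or None if it is unknown or expired."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expires_at = entry
        if time.time() >= expires_at:
            del self._sessions[token]
            return None
        return user

    def logout(self, token):
        """Return the response headers a logout handler would emit."""
        headers = {"Set-Cookie": "session=; Max-Age=0; HttpOnly; Secure"}
        if self.clear_on_logout:
            # Correct behaviour: the token must be unusable from this point on,
            # regardless of what the client does with its cookie.
            self._sessions.pop(token, None)
        return headers


def token_replays_after_logout(store, user="operator"):
    """True if a token captured before logout still authenticates afterwards."""
    token = store.login(user)
    if store.authenticate(token) != user:
        raise RuntimeError("login did not produce a usable token")
    store.logout(token)
    return store.authenticate(token) is not None


def http_token_replays_after_logout(authed_url, logout_url, cookie, timeout=10):
    """
    Same check against a live server. `authed_url` is a page that needs a valid
    session, `logout_url` the logout endpoint and `cookie` the captured Cookie
    header value (e.g. "session=<token>"). Endpoint paths are not given by the
    advisory and must be taken from the product's own documentation.
    Returns True if the authenticated page is still served after logout.
    """
    def fetch(url):
        req = urllib.request.Request(url, headers={"Cookie": cookie})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                return resp.getcode()
        except urllib.error.HTTPError as err:
            return err.code

    if fetch(authed_url) != 200:
        raise RuntimeError("captured cookie is not valid before logout")
    fetch(logout_url)
    return fetch(authed_url) == 200


if __name__ == "__main__":
    vulnerable = SessionStore(clear_on_logout=False)
    fixed = SessionStore()
    print("vulnerable store replays token:", token_replays_after_logout(vulnerable))  # True
    print("fixed store replays token:", token_replays_after_logout(fixed))            # False
```

The in-memory check is the property a fix has to satisfy: after `logout`, `authenticate` must fail for the same token even though nothing else changed. The HTTP variant performs the exact replay described in the recommendations above; a result of `True` means the server is still honouring a token the user believes they have discarded.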

Weakness Enumeration

Related Identifiers

BDU:2022-03193
CVE-2021-36205

Affected Products

Metasys Application/Data Server
Metasys Extended Application/Data Server
Metasys Open Application Server