PT-2022-27080 · Unknown · Simmeth Lieferantenmanager

Steffen Robertz · Published 2022-12-25 · Updated 2023-01-05 · CVE-2022-44017

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Simmeth Lieferantenmanager versions prior to 5.6

Description: An issue was discovered due to errors in session management that allow an attacker to log back into a victim's account after the victim has logged out. The "/LMS/LM/#main" endpoint can be used for this. The root cause is that the credentials are not cleared from the browser's local storage after logout.

Recommendations: For versions prior to 5.6, update to version 5.6 or later to resolve the issue. As a temporary workaround, clear the local storage after logout to prevent unauthorized access. Restrict access to the "/LMS/LM/#main" endpoint until the issue is resolved.
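The workaround above (clear client-side storage on logout) is illustrated by the following added example. It is not code from Simmeth or from the advisory; the key names, the credential-name patterns and the in-memory Storage stand-in are assumptions made so the snippet runs outside a browser. In a page, `clearClientSession([localStorage, sessionStorage])` would be called from the logout handler after the server-side session has been invalidated.

```javascript
// Added example (not Simmeth's code): logout cleanup for Web Storage plus an
// audit that reports credential-like material left behind. Key names and
// patterns are assumptions for illustration; adapt them to the application.

// Minimal in-memory implementation of the Web Storage API so the example runs
// in Node without a browser (constructed test double, not a real store).
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return Array.from(this.map.keys())[i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(String(k), String(v)); }
  removeItem(k) { this.map.delete(k); }
  clear() { this.map.clear(); }
}

// Key names that usually hold credential material (assumed list).
const CREDENTIAL_KEY_PATTERNS = [/token/i, /session/i, /passw(or)?d/i, /credential/i, /^auth/i, /jwt/i];

// Value shape of a JWT: three base64url segments separated by dots.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

// Snapshot of all key names in a Storage-like object.
function storageKeys(storage) {
  const keys = [];
  for (let i = 0; i < storage.length; i++) keys.push(storage.key(i));
  return keys;
}

// Returns the keys whose name or value looks like credential material.
// Useful as a post-logout check in tests or a security review.
function auditResidualCredentials(storage) {
  return storageKeys(storage).filter((k) => {
    const v = storage.getItem(k) ?? '';
    return CREDENTIAL_KEY_PATTERNS.some((re) => re.test(k)) || JWT_SHAPE.test(v);
  });
}

// Logout cleanup: remove every key from each store (the advisory's workaround),
// optionally keeping harmless preferences, then audit what survived.
// `stores` is a list of Storage-like objects, e.g. [localStorage, sessionStorage].
function clearClientSession(stores, { keepKeys = [] } = {}) {
  const removed = [];
  for (const store of stores) {
    for (const k of storageKeys(store)) {        // snapshot first, then mutate
      if (keepKeys.includes(k)) continue;         // e.g. a UI language preference
      store.removeItem(k);
      removed.push(k);
    }
  }
  // If a kept key still looks like a credential, `clean` is false so the
  // caller can fail loudly instead of leaving a reusable login behind.
  const residual = stores.flatMap((s) => auditResidualCredentials(s));
  return { removed, residual, clean: residual.length === 0 };
}

// Usage with constructed sample data (values are placeholders, not real tokens).
const demoLocal = new MemoryStorage();
demoLocal.setItem('authToken', 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.placeholder-sig');
demoLocal.setItem('uiLang', 'de');
const demoSession = new MemoryStorage();
demoSession.setItem('sessionId', 'placeholder-session-id');
console.log(clearClientSession([demoLocal, demoSession], { keepKeys: ['uiLang'] }));
```

The audit is deliberately separate from the cleanup: running `auditResidualCredentials(localStorage)` right after the logout flow is a cheap regression test for exactly the defect this advisory describes.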

Tags: Exploit · Fix · Session Fixation

Weakness Enumeration

Related Identifiers: CVE-2022-44017

Affected Products: Simmeth Lieferantenmanager