PT-2024-13264 · Unknown · Ailux Imx6 Bundle

Andrea Palanca · Published 2024-03-05 · Updated 2025-04-23 · CVE-2023-45600

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AiLux imx6 bundle versions prior to imx6 1.0.7-2

Description

A CWE-613 “Insufficient Session Expiration” issue in the web application exists due to the session cookie sessionid lasting two weeks, which facilitates session hijacking attacks against victims.

Recommendations

For versions prior to imx6 1.0.7-2, update to version imx6 1.0.7-2 or later to resolve the issue. As a temporary workaround, consider shortening the session expiration time to minimize the risk of session hijacking attacks. Restrict access to sensitive areas of the web application to minimize the risk of exploitation.

Fix

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

CVE-2023-45600

Affected Products

Ailux Imx6 Bundle