PT-2024-9171 · Abb · Matrix Series+2
Published: 2024-12-05 · Updated: 2024-12-05 · CVE-2024-11317
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
ABB ASPECT - Enterprise version 3.08.02
NEXUS Series version 3.08.02
MATRIX Series version 3.08.02
Description:
The issue stems from incorrect session management: an attacker can fix a user's session identifier before login, which opens the way to session takeover. A remote attacker can exploit this to hijack a user's session and potentially elevate their privileges.
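The weakness class described above, shown next to its standard fix, as an added example (not code from this advisory or from ABB). The `SessionStore` class, its method names and the sample identifier are hypothetical and constructed for illustration; the check at the end can serve as a regression test for any login flow.

```python
import secrets

class SessionStore:
    """In-memory session table: session id -> session data (constructed model)."""

    def __init__(self):
        self.sessions = {}

    def start(self, presented_id=None):
        # Weak point: adopting a client-presented id means the identifier can
        # be chosen by someone other than the server before the user logs in.
        sid = presented_id or secrets.token_urlsafe(32)
        self.sessions.setdefault(sid, {"user": None})
        return sid

    def login_keep_id(self, sid, user):
        # Fixation-prone: the pre-login identifier becomes the authenticated one.
        self.sessions[sid]["user"] = user
        return sid

    def login_rotate_id(self, sid, user):
        # Hardened: invalidate the pre-login session, issue a fresh
        # server-generated id, and bind the login only to the new id.
        self.sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = {"user": user}
        return new_sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")


def prelogin_id_is_authenticated(login):
    """Regression check: does an id known before login carry the login afterwards?"""
    store = SessionStore()
    known_before_login = store.start("constructed-prelogin-id")
    login(store, known_before_login, "operator")
    return store.user_for(known_before_login) == "operator"


if __name__ == "__main__":
    print("keep id  :", prelogin_id_is_authenticated(SessionStore.login_keep_id))
    print("rotate id:", prelogin_id_is_authenticated(SessionStore.login_rotate_id))
```

A login handler passes the check only when the identifier that existed before authentication is no longer valid afterwards.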
Recommendations:
For ABB ASPECT - Enterprise version 3.08.02, consider disabling session management functionality until a patch is available.
For NEXUS Series version 3.08.02, restrict access to session-related features to minimize the risk of exploitation.
For MATRIX Series version 3.08.02, avoid using session identifiers in sensitive operations until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Session Fixation
Affected Products:
Abb Aspect
Matrix Series
Nexus Series