ByteOS Network

NVD Vulnerability Details :

CVE-2022-4231

Analyzed

Source-cna@vuldb.com

Published At-30 Nov, 2022 | 12:15

Updated At-06 Dec, 2022 | 16:46

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Secondary	3.1	4.2	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Type: Primary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 4.2

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

CPE Matches

tribalsystems>>zenario>>9.3.57595

cpe:2.3:a:tribalsystems:zenario:9.3.57595:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-384	Primary	cna@vuldb.com

CWE ID: CWE-384

Type: Primary

Source: cna@vuldb.com

References

Hyperlink	Source	Resource
https://github.com/lithonn/bug-report/tree/main/vendors/tribalsystems/zenario/session-fixation	cna@vuldb.com	Exploit Third Party Advisory
https://vuldb.com/?id.214589	cna@vuldb.com	Third Party Advisory

Hyperlink: https://github.com/lithonn/bug-report/tree/main/vendors/tribalsystems/zenario/session-fixation

Source: cna@vuldb.com

Resource:

Exploit

Third Party Advisory

Hyperlink: https://vuldb.com/?id.214589

Source: cna@vuldb.com

Resource:

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History