CVE-2022-44007

{"id": "CVE-2022-44007", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-11-16T22:15:11.177", "references": [{"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-036.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.syss.de/pentest-blog/vielfaeltige-schwachstellen-in-backclick-professional-syss-2022-026-bis-037", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en BACKCLICK Professional 5.9.63. Debido a una implementaci\u00f3n insegura del seguimiento de sesiones, es posible que un atacante enga\u00f1e a los usuarios para que abran una sesi\u00f3n de usuario autenticado para un identificador de sesi\u00f3n conocido por el atacante, tambi\u00e9n conocido como Session Fixation."}], "lastModified": "2022-11-21T18:26:33.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:backclick:backclick:5.9.63:*:*:*:professional:*:*:*", "vulnerable": true, "matchCriteriaId": "0E17FA20-4500-435D-8F99-58317752E37D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}