CVE-2024-5995

{"id": "CVE-2024-5995", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-06-14T08:15:43.097", "references": [{"url": "https://www.twcert.org.tw/en/cp-139-7872-1c8b4-2.html", "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-7871-fecf1-1.html", "source": "twcert@cert.org.tw"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-613"}]}], "descriptions": [{"lang": "en", "value": "The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused."}, {"lang": "es", "value": "Los correos electr\u00f3nicos de notificaci\u00f3n enviados por Soar Cloud HR Portal contienen un enlace con una sesi\u00f3n integrada. La caducidad de la sesi\u00f3n no est\u00e1 configurada correctamente, quedando v\u00e1lida por m\u00e1s de 7 d\u00edas y puede ser reutilizada."}], "lastModified": "2024-06-17T12:42:04.623", "sourceIdentifier": "twcert@cert.org.tw"}