Inadequate Session Timeout in HCL OneTest Performance Products
CVE-2020-14247

6.5MEDIUM

Key Information:

Vendor: HCL Software
Status: Hcl Onetest Performance
Vendor: CVE Published:; 4 February 2021

Summary

HCL OneTest Performance versions 9.5, 10.0, and 10.1 are susceptible to a security weakness due to inadequate session timeout settings. This vulnerability could allow an attacker to exploit an active session by guessing a valid session ID, potentially leading to unauthorized access and manipulation of user data. Proper session management practices are vital to mitigate such risks and ensure the protection of sensitive information.

Affected Version(s)

HCL OneTest Performance V9.5

HCL OneTest Performance V10.0

HCL OneTest Performance V10.1

References

https://support.hcltechsw.com/csm?id=kb_article&sysparm_a...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2021
Vulnerability Reserved
Jun 17, 2020