Session Fixation Vulnerability in Ice Hrm Software by Ice Hrm
CVE-2021-35046

6.1MEDIUM

Key Information:

Vendor

Icehrm

Status
Vendor
CVE Published:
22 June 2021

What is CVE-2021-35046?

A session fixation vulnerability was identified in Ice Hrm version 29.0.0 OS, allowing attackers to exploit a crafted session cookie to hijack valid user sessions. This flaw can lead to unauthorized access and manipulation of user accounts as an attacker can gain control over established sessions without the user's consent. It is crucial for users of Ice Hrm to take appropriate actions to secure their environments against this vulnerability.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.