CVE-2018-1148: Session Fixation in Nessus

CWE-384: Session Fixation
4 documents, 4 sources

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 63.18%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 18
Latest update: Jul 19

Description

In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

NVD: tenable/nessus < 7.1.0
CVEListV5: tenable/tenable_nessus, all versions prior to 7.1.0

🔴 Vulnerability Details (3)

OSV
libxmltok vulnerabilities (2022-07-19)
GHSA
GHSA-2ccr-v9r3-2qmg: In Nessus before 7 (2022-05-14)
CVEList
CVE-2018-1148: In Nessus before 7 (2018-05-18)