CVE-2022-4231
Published 2022-11-30
Priority: P427 | Severity: medium | CVSS 3.1: 5.4
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.44% (35.4th percentile)
A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tribal_systems | zenario_cms | — | — |
| tribalsystems | zenario | — | — |
| tribalsystems | zenario | 0 – 9.3.57595 | — |
GHSA
Tribal Systems Zenario CMS vulnerable to Session Fixation
ghsa·2022-11-30
CVE-2022-4231 [MEDIUM] CWE-384 Tribal Systems Zenario CMS vulnerable to Session Fixation
Tribal Systems Zenario CMS 9.3.57595 is vulnerable to session fixation. In Zenario CMS, the user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user logs out and logs in to the application again when the "Remember me" option is active. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to log in with. The attack may be initiated remotely and an exploit has been disclosed.
OSV
Tribal Systems Zenario CMS vulnerable to Session Fixation
osv·2022-11-30
CVE-2022-4231 [MEDIUM] Tribal Systems Zenario CMS vulnerable to Session Fixation
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-11-30
Published