CVE-2017-6412 Information

Feb 14, 2021 cve

Description

In Sophos Web Appliance (SWA) before 4.3.1.2 Session Fixation could occur aka NSWA-1310.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html http://www.securityfocus.com/bid/97261 https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2 https://www.qualys.com/2017/02/28/qsa-2017-02-28/qsa-2017-02-28.pdf

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.1

Share on: