CVE-2021-41553 Information

Description

UNSUPPORTED WHEN ASSIGNED In ARCHIBUS Web Central 21.3.3.815 (a version from 2014) the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known without any attempt by the testers to modify the application logic. It is also possible to set the value of the session token client-side simply by making an unauthenticated GET Request to the Home Page and adding an arbitrary value to the JSESSIONID field. The application following the login does not assign a new token continuing to keep the inserted one as the identifier of the entire session. This is fixed in all recent versions such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.gruppotim.it/redteam

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8