Vulnerabilities > CVE-2019-7280 - Insufficient Session Expiration vulnerability in Primasystems Flexair 2.3.38

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

primasystems

CWE-613

NVD

Published: 2019-07-01

Updated: 2022-10-25

Summary

Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication.

Vulnerable Configurations

Part	Description	Count
Application	Primasystems Primasystems Flexair 2.3.38	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://applied-risk.com/labs/advisories
https://www.applied-risk.com/resources/ar-2019-007
https://www.us-cert.gov/ics/advisories/icsa-19-211-02