Vulnerabilities > CVE-2020-23140 - Insufficient Session Expiration vulnerability in Microweber 1.1.18

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

microweber

CWE-613

NVD

Published: 2020-11-09

Updated: 2020-11-20

Summary

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.

Vulnerable Configurations

Part	Description	Count
Application	Microweber Microweber Microweber 1.1.18	1

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://gist.github.com/virendratiwari03/bddafb3cd82dde8202bd056d340d3e36