Vulnerabilities > CVE-2020-23140 - Insufficient Session Expiration vulnerability in Microweber 1.1.18

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE

Summary

Microweber 1.1.18 is affected by insufficient session expiration. When changing passwords, both sessions for when a user changes email and old sessions in any other browser or device, the session does not expire and remains active.

Vulnerable Configurations

Part Description Count
Application
Microweber
1

Common Weakness Enumeration (CWE)