Vulnerabilities > CVE-2020-27739 - Insufficient Session Expiration vulnerability in Citadel Webcit

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

citadel

CWE-613

critical

NVD

Published: 2020-10-28

Updated: 2020-11-04

Summary

A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.

Vulnerable Configurations

Part	Description	Count
Application	Citadel Citadel Webcit - Citadel Webcit 7.10 Citadel Webcit 7.86 Citadel Webcit 7.87 Citadel Webcit 8.01 Citadel Webcit 8.02 Citadel Webcit 8.03 Citadel Webcit 8.05 Citadel Webcit 8.06 Citadel Webcit 8.12 Citadel Webcit 8.13 Citadel Webcit 8.14 Citadel Webcit 8.16 Citadel Webcit 8.20 Citadel Webcit 8.22 Citadel Webcit 8.23 Citadel Webcit 8.24 Citadel Webcit 9.01 Citadel Webcit 902 Citadel Webcit 926	20

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References