CVE-2022-44788

{"id": "CVE-2022-44788", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-11-21T23:15:13.780", "references": [{"url": "https://members.backbox.org/maggioli-appalti-contratti-multiple-vulnerabilities/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-384"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Appalti & Contratti 9.12.2. It allows Session Fixation. When a user logs in providing a JSESSIONID cookie that is issued by the server at the first visit, the cookie value is not updated after a successful login."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Appalti & Contratti 9.12.2. Permite la Fijaci\u00f3n de Desiones. Cuando un usuario inicia sesi\u00f3n proporcionando una cookie JSESSIONID emitida por el servidor en la primera visita, el valor de la cookie no se actualiza despu\u00e9s de un inicio de sesi\u00f3n exitoso."}], "lastModified": "2022-11-23T16:03:11.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:maggioli:appalti_\\&_contratti:9.12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDE25FE7-3242-4542-A150-D24ED7156CD2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}