CVSS: 8.8EPSS: 0%CPEs: 134EXPL: 0CVE-2018-5465
https://notcve.org/view.php?id=CVE-2018-5465
A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. A session fixation vulnerability in the web interface has been identified, which may allow an attacker to hijack web sessions. Se ha descubierto un problema de fijación de sesión en los switches Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS y OCTOPUS Classic Platform. Se ha identificado una vulnerabilidad de fijación de sesión en la interfaz web que podría permitir que un atacante secuestre sesiones web. • http://www.securityfocus.com/bid/103340 https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01 • CWE-384: Session Fixation •
CVSS: 6.5EPSS: 0%CPEs: 134EXPL: 0CVE-2018-5467
https://notcve.org/view.php?id=CVE-2018-5467
An Information Exposure Through Query Strings in GET Request issue was discovered in Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches. An information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user. Se ha descubierto un problema de exposición de información mediante cadenas de consulta en peticiones GET en los switches Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS y OCTOPUS Classic Platform. Se ha identificado una vulnerabilidad de exposición de información mediante cadenas de consulta en la interfaz web que podría permitir que un atacante suplante a un usuario legítimo. • http://www.securityfocus.com/bid/103340 https://ics-cert.us-cert.gov/advisories/ICSA-18-065-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-598: Use of GET Request Method With Sensitive Query Strings •