CVE-2021-3113

7.5 HIGH

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSes...

Published: 2021-01-17 · Last updated: 2026-06-17

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-425

Affected products

Vendor: netsia
Product: seba+

Description

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and can then use that cookie immediately for admin access.

Source: NVD

Related CVEs

Same CWE

  • CVE-2026-34028 The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an aut...
  • CVE-2026-11986 A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities (4.9 MEDIUM)
  • CVE-2026-8205 Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_events does not check canView o... (5.3 MEDIUM)
  • CVE-2026-7500 When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled (5.4 MEDIUM)
  • CVE-2025-15587 Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 allow a low privileged user to read an administrator's passwor...