Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2022-47406 |
CWE-ID | CWE-613 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Change password for frontend users (Web applications / Modules and components for CMS) |
Vendor | Torben Hansen |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU70696
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-47406
CWE-ID: CWE-613 - Insufficient Session Expiration
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration. A remote user can obtain or guess a session token and gain unauthorized access to a session that belongs to another user.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Change password for frontend users: 2.0.0 - 3.0.2
External links
http://typo3.org/security/advisory/typo3-ext-sa-2022-016
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.