CVE-2021-25992

Summary

In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks.

Affected Software

VendorProductVersion RangeStatus
ifmeorgifme1.0.0 < unspecifiedaffected
ifmeorgifmeunspecified <= v7.33.2affected

Weaknesses

  • CWE-613: CWE-613 Insufficient Session Expiration

ADP Enrichment

CVE Program Container

Additional References

References