Common Vulnerabilities and Exposures (CVE)

Required CVE Record Information

Description

Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp.

CVSS 1 Total

Score  Severity  Version  Vector String
4.2    MEDIUM    3.1      CVSS:3.1/AC:H/AV:N/A:N/C:L/I:L/PR:N/S:U/UI:R

This container includes required additional information provided by the CVE Program for this vulnerability.