Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-01T18:31:34
Updated: 2024-08-04T20:46:46.112Z
Reserved: 2019-01-31T00:00:00
Link: CVE-2019-7280
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-07-01T19:15:11.290
Modified: 2022-10-25T15:42:17.087
Link: CVE-2019-7280
Redhat
No data.