VDB

CVE-2024-11317

CVE-2024-11317 PUBLISHED CVSS 10 CRITICAL

Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

EPSS 0.33% · 56.5th percentile

Risk Scores

CVSS 3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS Score
0.33%
56.5th percentile

Affected Products

VendorProductVersions
abbmatrix-264_firmware0, 0, 0
abbnexus-2128_firmware0, 0, 0
abbaspect-ent-12_firmware0, 0, 0
abbmatrix-216_firmware0, 0, 0
abbnexus-264-a_firmware0, 0, 0
ABBNEXUS Series0, 0
abbnexus-2128-f_firmware0, 0, 0
abbmatrix-296_firmware0, 0, 0
abbnexus-264_firmware0, 0, 0
abbmatrix-232_firmware0, 0, 0
ABBMATRIX Seriesinitial, initial
abbnexus-3-2128_firmware0, 0, 0
abbaspect-ent-96_firmware0, 0, 0
abbnexus-264-g_firmware0, 0, 0
abbnexus-2128-a_firmware0, 0, 0
abbnexus-2128-g_firmware0, 0, 0
ABBASPECT-Enterprise0, 0
abbaspect_enterprise0, 0
abbaspect-ent-256_firmware0, 0, 0
abbmatrix_series0, 0

…and 5 more

Timeline

  • Dec 5, 2024 CVE Published
  • Dec 5, 2024 PoC Published
  • Dec 5, 2024 CVE Updated
  • Dec 7, 2024 EPSS Score
  • Dec 21, 2024 Coalition ESS Score
  • Dec 24, 2024 EPSS Score
  • Jan 7, 2025 PoC Published
  • Jan 10, 2025 EPSS Score
  • Jan 27, 2025 EPSS Score
  • Feb 11, 2025 PoC Published
  • Feb 12, 2025 EPSS Score
  • Mar 1, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›