CVE-2024-11317

CVSS 3.1 Score 10.0 of 10 (high)

Details

Published Dec 5, 2024
CWE ID 384

Summary

CVE-2024-11317 is a session fixation vulnerability that enables attackers to prematurely establish a user's session identifier prior to login. This issue provides an opportunity for attackers to take over the affected user's session. The vulnerability affects ABB ASPECT - Enterprise version 3.08.02, NEXUS Series version 3.08.02, and MATRIX Series version 3.08.02. Successful exploitation could lead to unauthorized access to user accounts and potentially sensitive information. Users are advised to update their software to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Aspect-Enterprise

Affected Vendors

  • ABB Ltd.