{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5995", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2024-06-14T06:53:30.790Z", "datePublished": "2024-06-14T07:18:32.904Z", "dateUpdated": "2024-08-01T21:25:03.252Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "HR Portal", "vendor": "Soar Cloud", "versions": [{"lessThan": "7.3.2024.0409", "status": "affected", "version": "earlier", "versionType": "custom"}]}], "datePublic": "2024-06-14T07:13:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused."}], "value": "The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused."}], "impacts": [{"capecId": "CAPEC-60", "descriptions": [{"lang": "en", "value": "CAPEC-60 Reusing Session IDs (aka Session Replay)"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-06-14T07:18:32.904Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-7871-fecf1-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-7872-1c8b4-2.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to \n\n<span style=\"background-color: rgb(255, 255, 255);\">version</span>\n\n7.3.2024.0409 or later."}], "value": "Update to \n\nversion\n\n7.3.2024.0409 or later."}], "source": {"advisory": "TVN-202406009", "discovery": "EXTERNAL"}, "title": "Soar Cloud HR Portal - Insufficient Session Expiration", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "scshr", "product": "hr_portal", "cpes": ["cpe:2.3:a:scshr:hr_portal:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "7.3.2024.0409", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-15T20:17:44.400942Z", "id": "CVE-2024-5995", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-15T20:22:38.890Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.252Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-7871-fecf1-1.html"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://www.twcert.org.tw/en/cp-139-7872-1c8b4-2.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5995", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-15T20:17:44.400942Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:scshr:hr_portal:*:*:*:*:*:*:*:*"], "vendor": "scshr", "product": "hr_portal", "versions": [{"status": "affected", "version": "0", "lessThan": "7.3.2024.0409", "versionType": "custom"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-15T20:22:23.478Z"}}], "cna": {"title": "Soar Cloud HR Portal - Insufficient Session Expiration", "source": {"advisory": "TVN-202406009", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-60", "descriptions": [{"lang": "en", "value": "CAPEC-60 Reusing Session IDs (aka Session Replay)"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Soar Cloud", "product": "HR Portal", "versions": [{"status": "affected", "version": "earlier", "lessThan": "7.3.2024.0409", "versionType": "custom"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to \n\nversion\n\n7.3.2024.0409 or later.", "supportingMedia": [{"type": "text/html", "value": "Update to \n\n<span style=\"background-color: rgb(255, 255, 255);\">version</span>\n\n7.3.2024.0409 or later.", "base64": false}]}], "datePublic": "2024-06-14T07:13:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-7871-fecf1-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-7872-1c8b4-2.html", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused.", "supportingMedia": [{"type": "text/html", "value": "The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2024-06-14T07:18:32.904Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5995", "state": "PUBLISHED", "dateUpdated": "2024-07-15T20:22:38.890Z", "dateReserved": "2024-06-14T06:53:30.790Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2024-06-14T07:18:32.904Z", "assignerShortName": "twcert"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused."}, {"lang": "es", "value": "Los correos electr\u00f3nicos de notificaci\u00f3n enviados por Soar Cloud HR Portal contienen un enlace con una sesi\u00f3n integrada. La caducidad de la sesi\u00f3n no est\u00e1 configurada correctamente, quedando v\u00e1lida por m\u00e1s de 7 d\u00edas y puede ser reutilizada."}], "id": "CVE-2024-5995", "lastModified": "2024-11-21T09:48:43.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2024-06-14T08:15:43.097", "references": [{"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/en/cp-139-7872-1c8b4-2.html"}, {"source": "twcert@cert.org.tw", "url": "https://www.twcert.org.tw/tw/cp-132-7871-fecf1-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.twcert.org.tw/en/cp-139-7872-1c8b4-2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.twcert.org.tw/tw/cp-132-7871-fecf1-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-613"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}

{}