https://db.gcve.eu/sightings/feed 2026-05-03T05:41:59.251308+00:00 Vulnerability-Lookup info@gcve.eu python-feedgen Contains only the most 10 recent sightings. https://db.gcve.eu/sighting/903ac306-d15e-4fd3-a054-cdafcc3d6ab1/export 2026-05-03T05:41:59.604954+00:00 cedric http://db.gcve.eu/user/cedric {"uuid": "903ac306-d15e-4fd3-a054-cdafcc3d6ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-41553", "type": "seen", "source": "https://t.me/cibsecurity/29996", "content": "\u203c CVE-2021-41553 \u203c\n\n** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assign a session token that could be already in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the testers to modify the application logic. It is also possible to set the value of the session token, client-side, simply by making an unauthenticated GET Request to the Home Page and adding an arbitrary value to the JSESSIONID field. The application, following the login, does not assign a new token, continuing to keep the inserted one, as the identifier of the entire session. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-05T20:30:38.000000Z"} 2021-10-05T20:30:38+00:00