{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-37570","assignerOrgId":"66834db9-ab24-42b4-be80-296b2e40335c","state":"PUBLISHED","assignerShortName":"CERT-In","dateReserved":"2023-07-07T09:41:33.905Z","datePublished":"2023-08-08T08:11:08.948Z","dateUpdated":"2024-10-10T17:58:16.654Z"},"containers":{"cna":{"title":"Insufficient Session Expiration Vulnerability in Emagic Data Center Management Suite","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-613","description":"CWE-613 Insufficient Session Expiration","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-114","descriptions":[{"lang":"en","value":"CAPEC-114 Authentication Abuse"}]}],"affected":[{"vendor":"ESDS","product":"Emagic Data Center Management Suite","versions":[{"status":"affected","version":"0","lessThanOrEqual":"V6.0","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"This vulnerability exists in ESDS Emagic Data Center Management Suite due to non-expiry of the session cookie. \nBy reusing a stolen session cookie, a remote attacker could gain unauthorized access to the targeted system.\n","supportingMedia":[{"type":"text/html","base64":false,"value":"This vulnerability exists in ESDS Emagic Data Center Management Suite due to non-expiry of the session cookie. \n<br>By reusing a stolen session cookie, a remote attacker could gain unauthorized access to the targeted system.<br>"}]}],"references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":7.2,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}],"solutions":[{"lang":"en","value":"Upgrade to Enlight360 Datacenter Management Center Suite with latest version v8.9\n","supportingMedia":[{"type":"text/html","base64":false,"value":"Upgrade to Enlight360 Datacenter Management Center Suite with latest version v8.9<br>"}]}],"credits":[{"lang":"en","value":"Chinamay Joshi of ESDS Software Solution Limited, Maharashtra","type":"finder"}],"source":{"discovery":"UNKNOWN"},"providerMetadata":{"orgId":"66834db9-ab24-42b4-be80-296b2e40335c","shortName":"CERT-In","dateUpdated":"2023-08-08T08:11:08.948Z"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T17:16:30.849Z"},"title":"CVE Program Container","references":[{"url":"https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2023-0226","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-10-10T17:58:04.736582Z","id":"CVE-2023-37570","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-10T17:58:16.654Z"}}]}}