CVE Catalog

CVE-2023-4228

LowCVSS 3.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

21th percentile — higher than 21% of all known CVEs

Summary

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

Risk Assessment

The organization may be exposed to unauthorized access to user session data, which could lead to serious security breaches and loss of confidentiality.

Recommendation

It is recommended to update the firmware to the latest version to mitigate this vulnerability and review user session security.

Original NVD description (English source)

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS