Description
A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101259
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-285-01
Scores
CVSS v3
5.6
EPSS
0.0093
EPSS Percentile
55.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-602
CWE-669
Status
published
Products (2)
n/a/ProMinent MultiFLEX M10a Controller
ProMinent MultiFLEX M10a Controller
prominent/multiflex_m10a_controller_firmware
Published
Oct 17, 2017
Tracked Since
Feb 18, 2026