CVE-2020-5539
MEDIUM
GRANDIT 1.6-3.0 - Authentication Bypass via Session Impersonation
Title source: llmDescription
GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the information via unspecified vectors.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN73472345/index.html
Vendor Advisory x_refsource_misc
https://www.grandit.jp/etc/20200228_letter.pdf
Scores
CVSS v3
6.5
EPSS
0.0084
EPSS Percentile
53.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-639
Status
published
Products (6)
grandit/grandit 1.6
grandit/grandit 2.0
grandit/grandit 2.1
grandit/grandit 2.2
grandit/grandit 2.3
grandit/grandit 3.0
Published
Mar 02, 2020
Tracked Since
Feb 18, 2026