Description
GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and then alter or disclose the information via unspecified vectors.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN73472345/index.html
Vendor Advisory x_refsource_misc
https://www.grandit.jp/etc/20200228_letter.pdf
Scores
CVSS v3
6.5
EPSS
0.0042
EPSS Percentile
61.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-639
Status
published
Products (6)
grandit/grandit
1.6
grandit/grandit
2.0
grandit/grandit
2.1
grandit/grandit
2.2
grandit/grandit
2.3
grandit/grandit
3.0
Published
Mar 02, 2020
Tracked Since
Feb 18, 2026