CVE-2021-3113

HIGH

Netsia SEBA+ <0.16.1 build 70-e669dcd7 - Info Disclosure

Title source: llm

Description

Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and can then use that cookie immediately for admin access.

Exploits (1)

exploitdb WORKING POC VERIFIED
by AkkuS · ruby · webapps · multiple
https://www.exploit-db.com/exploits/49435

Scores

CVSS v3 7.5
EPSS 0.0084
EPSS Percentile 74.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-425
Status published

Affected Products (1)

netsia/seba+ < 0.16.1

Timeline

Published Jan 17, 2021
Tracked Since Feb 18, 2026