CVE-2024-11317
CRITICALProduct - Session Fixation
Title source: llmDescription
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
Scores
CVSS v3
10.0
EPSS
0.0029
EPSS Percentile
52.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Classification
CWE
CWE-384
Status
published
Affected Products (19)
abb/aspect-ent-2_firmware
< 3.08.03
abb/aspect-ent-256_firmware
< 3.08.03
abb/aspect-ent-96_firmware
< 3.08.03
abb/nexus-2128_firmware
< 3.08.03
abb/nexus-2128-a_firmware
< 3.08.03
abb/nexus-2128-f_firmware
< 3.08.03
abb/nexus-2128-g_firmware
< 3.08.03
abb/nexus-264_firmware
< 3.08.03
abb/nexus-264-a_firmware
< 3.08.03
abb/nexus-264-g_firmware
< 3.08.03
abb/nexus-3-2128_firmware
< 3.08.03
abb/aspect-ent-12_firmware
< 3.08.03
abb/nexus-264-f_firmware
< 3.08.03
abb/nexus-3-264_firmware
< 3.08.03
abb/matrix-11_firmware
< 3.08.03
... and 4 more
Timeline
Published
Dec 05, 2024
Tracked Since
Feb 18, 2026