Fixes for Inductive Automation Ignition 7.7.2. Bugs by Evgeny Druzhinin, Alexey Osipov, Ilya Karpov, and Gleb Gritsai. Simple bugs, simple list.
CVE-2015-0976
CVE-2015-0991
CVE-2015-0992
CVE-2015-0993
CVE-2015-0994
CVE-2015-0995
Please note!
These vulnerabilities are not exploitable remotely and cannot be exploited without user interaction. The exploit is only triggered when a local user runs the vulnerable application and loads the malformed URL to the JNLP.
Especially the next one:
After a user logs out, the session is not removed. This could lead to session reuse by an attacker with the privileges of the same user.
Enjoy