CVE-2017-14007

CVE-2017-14007

Vendor N/A
Product ProMinent MultiFLEX M10a Controller
Weakness CWE-613 · Insufficient session expiration
Published October 17, 2017
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing an attacker to reuse an old session for authorization.

Key dates

02Disclosure timeline

October 17, 2017 CVE published
August 5, 2024 Record updated