Vulnerability Details CVE-2021-38618
In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.7%
CVSS Severity
CVSS v3 Score 7.4
CVSS v2 Score 6.8
References
Products affected by CVE-2021-38618
-
cpe:2.3:a:gfos:workforce_management:4.8.272.1