CVE-2024-49709

CVSSv4: 2.3 | CVSSv3: NA | CVSSv2: NA | VMScore: 330 | EPSS: 0.00054 | KEV: Not Included
Published: 14/04/2025 Updated: 15/04/2025

Vulnerability Summary

Session Hijacking Vulnerability in SoftCOM iKSORIS Internet Starter Module

A session hijacking vulnerability exists in SoftCOM iKSORIS system's Internet Starter module. An attacker with access to a user's browser can set an arbitrary session cookie and wait for the user to log in. Once the user authenticates, the attacker can use the same cookie to take over the user's account. The vulnerability is further complicated by the system's failure to destroy old sessions when creating new ones, which increases the potential attack window. This security issue has been addressed and patched in version 79.0 of the software.
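The behaviour described above can be reproduced in a small model of a session table. This is an added example, not SoftCOM or iKSORIS code: the class, its methods, the `hardened` flag and the username are hypothetical, and the two flaws are modelled from the summary's wording only.

```python
import secrets


class SessionStore:
    """In-memory session table. Hypothetical model, not iKSORIS code."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}  # session id -> username, or None while anonymous

    def _new_id(self, user=None):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = user
        return sid

    def visit(self, cookie=None):
        """Pre-login request; returns the session id the browser ends up holding."""
        if cookie in self.sessions:
            return cookie
        if cookie is not None and not self.hardened:
            # Flaw 1 (assumed): an id the server never issued is adopted as-is.
            self.sessions[cookie] = None
            return cookie
        return self._new_id()

    def login(self, cookie, user):
        """Successful authentication; returns the post-login session id."""
        if not self.hardened:
            # Flaw 2 (assumed): the pre-login id is kept and bound to the user.
            self.sessions[cookie] = user
            return cookie
        # Fix: destroy the pre-login session, then issue a fresh random id.
        self.sessions.pop(cookie, None)
        return self._new_id(user)

    def whoami(self, cookie):
        return self.sessions.get(cookie)


def planted_cookie_survives_login(store, planted):
    """True if a cookie value set before login identifies the user afterwards."""
    cookie = store.visit(planted)   # victim's browser sends the planted value
    store.login(cookie, "alice")    # constructed username
    return store.whoami(planted) == "alice"
```

A regression test for a login handler can assert the same property: the session identifier held before authentication must not resolve to any account after it.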

Vulnerable Product

softcom iksoris