Client-Side Enforcement of Server-Side Security

CVE-2017-14013

Medium

5.6/10

Summary

A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: LOW
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-602 - Client-Side Enforcement of Server-Side Security

The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

References

Advisory Timeline

Published Oct 17, 2017

Client-Side Enforcement of Server-Side Security

CVE-2017-14013

Summary

CWE-602 - Client-Side Enforcement of Server-Side Security

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS