Sematell ReplyOne Insecure Permissions Vulnerability in REST API Session Management

Vulnerability

A vulnerability exists in Sematell ReplyOne version 7.4.3.0 due to improper permission settings on the REST API sessions endpoint. This flaw allows any authenticated user to access active session data, including session tokens for administrators, potentially leading to session hijacking and privilege escalation.

Impact

Exploitation of this vulnerability could result in unauthorized access to administrative session tokens, allowing an attacker to impersonate an administrator within the application.

Reproduction

The vulnerability can be reproduced by sending a request to the '/rest/sessions' endpoint on either the application server or the web server. This can be done using a valid session cookie. The response will include all active sessions, including those of administrators, which can then be used to hijack the session and gain elevated privileges.

Remediation

Users are advised to update to the latest version of Sematell ReplyOne where this vulnerability has been fixed.
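The following is an added illustration, not Sematell's code: a minimal model of a sessions endpoint showing the weak pattern the advisory describes (any authenticated caller receives every active session, tokens included) beside a hardened version that checks the caller's role per endpoint, scopes non-admins to their own session, and never returns a usable token. Session values, roles and function names are constructed assumptions.

```python
"""Model of a REST sessions listing: weak vs hardened authorization.
All names, roles and sample sessions are constructed for this example."""
from dataclasses import dataclass
from typing import Optional
import hashlib


@dataclass(frozen=True)
class Session:
    token: str
    user: str
    role: str  # assumed roles: "admin" or "agent"


# Constructed sample session store (hypothetical values, not real tokens).
ACTIVE_SESSIONS = [
    Session("tok-admin-0001", "alice", "admin"),
    Session("tok-agent-0002", "bob", "agent"),
    Session("tok-agent-0003", "carol", "agent"),
]


def list_sessions_weak(caller: Optional[Session]) -> list:
    """Flawed pattern: the only check is 'is the caller authenticated?',
    after which every session, raw token included, is returned."""
    if caller is None:
        raise PermissionError("unauthenticated")
    return [{"token": s.token, "user": s.user, "role": s.role}
            for s in ACTIVE_SESSIONS]


def _session_ref(token: str) -> str:
    # Return a one-way reference so callers can identify a session
    # (e.g. to revoke it) without ever seeing the usable token.
    return hashlib.sha256(token.encode()).hexdigest()[:16]


def list_sessions_hardened(caller: Optional[Session]) -> list:
    """Hardened: authenticate, then authorize per endpoint (admins see all
    sessions, others only their own), and minimize data (no raw tokens)."""
    if caller is None:
        raise PermissionError("unauthenticated")
    if caller.role == "admin":
        visible = ACTIVE_SESSIONS
    else:
        visible = [s for s in ACTIVE_SESSIONS if s.token == caller.token]
    return [{"session_ref": _session_ref(s.token), "user": s.user, "role": s.role}
            for s in visible]
```

Even the admin view omits raw tokens: an administrator who needs to terminate a session can act on the session reference instead, so a leak of the listing no longer yields reusable credentials.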

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread          0.0
impact          5.0
exploitability  8.0
remediation     0.0
relevance       0.0
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.