SoftCOM iKSORIS Internet Starter Module Session Fixation Vulnerability

Vulnerability

A session fixation vulnerability has been identified in the Internet Starter module of the SoftCOM iKSORIS system, affecting all versions prior to 79.0. The vulnerability allows an attacker with access to a user's browser to set an arbitrary session cookie value. The attacker can then wait for the user to log in and use the same cookie to take over the user's account. Additionally, the system does not terminate old sessions when new ones are created, which extends the window of opportunity for such an attack.
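
The two weaknesses described above (the session identifier is not replaced at login, and older sessions stay valid), modelled beside a hardened variant as an added Python example. This is not SoftCOM's code: the `SessionStore` class, its methods and the sample values are hypothetical, and the model assumes the weak server adopts whatever identifier the browser presents.

```python
import secrets

class SessionStore:
    """In-memory session table: session id -> username (None = anonymous)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}

    def visit(self, presented_id=None):
        """Handle an anonymous request and return the session id in use."""
        if presented_id in self.sessions:
            return presented_id
        if presented_id is not None and not self.hardened:
            sid = presented_id  # weak: adopts an identifier chosen by the client
        else:
            sid = secrets.token_urlsafe(32)  # server-generated, unpredictable
        self.sessions[sid] = None
        return sid

    def login(self, presented_id, username):
        """Authenticate and return the id the browser holds afterwards."""
        if not self.hardened:
            # Weak: the pre-login id is promoted; older sessions stay valid.
            self.sessions[presented_id] = username
            return presented_id
        # Hardened: discard the pre-login id, end the user's older sessions,
        # then issue a fresh server-generated id.
        self.sessions.pop(presented_id, None)
        for sid in [s for s, u in self.sessions.items() if u == username]:
            del self.sessions[sid]
        new_id = secrets.token_urlsafe(32)
        self.sessions[new_id] = username
        return new_id

def preset_id_authenticated_after_login(hardened):
    """True if an id set in the browser before login is authenticated after it."""
    store = SessionStore(hardened)
    preset = "constructed-preset-id"  # constructed sample value
    store.login(store.visit(preset), "alice")
    return store.sessions.get(preset) == "alice"

def old_session_valid_after_relogin(hardened):
    """True if the first session still works after the same user logs in again."""
    store = SessionStore(hardened)
    first = store.login(store.visit(), "alice")
    store.login(store.visit(), "alice")
    return store.sessions.get(first) == "alice"
```

Both checks return `True` for the weak store and `False` for the hardened one, which makes them usable as regression tests for a login handler.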

Impact

Exploitation of this vulnerability allows for unauthorized account access by hijacking a user's session.

Remediation

Users can update to SoftCOM iKSORIS version 79.0 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 6.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.