Primary

Context

MICROSENS NMP Web+ Insufficient Session Expiration Vulnerability Allowing Unauthorized System Access

Vulnerability

A vulnerability exists in MICROSENS NMP Web+ versions through 3.2.5, where JSON Web Tokens (JWT) do not expire. This flaw could enable an attacker to gain unauthorized access to the system by exploiting the persistent tokens.

Impact

Exploitation of this vulnerability could allow an attacker to gain unauthorized access to the system, potentially leading to unauthorized actions or access to sensitive information.

Remediation

Users are advised to update to NMP Web+ Version 3.3.0 for Windows or Linux. Instructions for downloading the updated version are available on the MICROSENS website.

Added: Jun 25, 2025, 6:15 PM

Updated: Jun 25, 2025, 6:15 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MICROSENS NMP Web+ Insufficient Session Expiration Vulnerability Allowing Unauthorized System Access

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating