CVE-2019-19610

by adidionxlm

Abstract Advisory Information

RAQuest is a software solution for handling foreign withholding taxes.

A cookie is vulnerable to session fixation, which allows an attacker to define the session identifier that the server will use to reference the session after authentication.
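The weakness described above comes down to the server continuing to honour, after login, an identifier that was already known before login. The following added example (not RAQuest code and not from the advisory's author; the in-memory store and all class and function names are hypothetical) models that behaviour beside the standard mitigation of issuing a fresh identifier at authentication, with a regression check that tells the two apart.

```python
import secrets


class SessionStore:
    """Toy server-side session table, constructed for illustration only."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> username (None while anonymous)

    def anonymous_request(self, cookie=None):
        # A presented id is kept as-is; only a missing cookie gets a new id.
        sid = cookie or secrets.token_urlsafe(32)
        self.sessions.setdefault(sid, None)
        return sid

    def login(self, cookie, username):
        if self.rotate_on_login:
            # Mitigation: invalidate the pre-auth id and bind the
            # authenticated state to a newly generated one.
            self.sessions.pop(cookie, None)
            cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = username
        return cookie

    def whoami(self, cookie):
        return self.sessions.get(cookie)


def preauth_id_survives_login(store, preset_id="constructed-preauth-id"):
    """Regression check: True means the identifier known before login still
    maps to the authenticated user afterwards (fixation is possible)."""
    sid = store.anonymous_request(preset_id)
    store.login(sid, "alice")  # constructed test account
    return store.whoami(preset_id) == "alice"


if __name__ == "__main__":
    for rotate in (False, True):
        result = preauth_id_survives_login(SessionStore(rotate))
        print(f"rotate_on_login={rotate}: pre-auth id still valid = {result}")
```

The same before/after comparison of the cookie value can be run against a real deployment in a test environment to confirm that an upgrade to the patched release changed the behaviour.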

Authors: Julien Oury–Nogues from Excellium-Services company

Version affected

Name: Halvotec RAQuest
Versions: 10.23.10801.0

Common Vulnerability Scoring System

3.6
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Patches

Version 24.2020.20608.0

References

None

Vulnerability Disclosure Timeline

  • 22/08/2019: Vulnerability discovered.
  • 28/08/2019: Vendor contacted.
  • 09/09/2019: Vendor correctly received the attachment.
  • 13/09/2019: Asked vendor for an acknowledgement.
  • 20/09/2019: Asked vendor for an acknowledgement.
  • 29/10/2019: Vendor does not consider this issue as such. No patch will be released.
  • 03/12/2019: CVE ID requested.
  • 17/12/2019: Responsible disclosure with CSSF and CERT-BUND.
  • 24/12/2019: Public disclosure.
  • 27/03/2020: Vendor announces a fix for the end of May 2020.
  • 10/06/2020: Vendor notification: fixed in release 24.2020.20608.0, dated 8.6.2020.