CVE-2021-38618

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 04/10/2021
Last modified: 30/05/2025

Description

In GFOS Workforce Management 4.8.272.1, the login page of the application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gfos:workforce_management:4.8.272.1:*:*:*:*:*:*:*