{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T06:17:45.700","vulnerabilities":[{"cve":{"id":"CVE-2018-16495","sourceIdentifier":"support@hackerone.com","published":"2021-05-26T19:15:08.573","lastModified":"2024-11-21T03:52:52.020","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with."},{"lang":"es","value":"En VOS, el identificador de sesión de usuario (token de autenticación) es emitido al navegador antes de la autenticación, pero no es cambiada después de que el usuario inicia sesión con pexito en la aplicación. Se produce un fallo en emitir una nueva ID de sesión después de un inicio de sesión con éxito introduce la posibilidad para un atacante de configurar una sesión trampa en el dispositivo con el que es probable que la víctima inicie sesión"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-384"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:versa-networks:versa_operating_system:*:*:*:*:*:*:*:*","versionEndExcluding":"16.1r2s11","matchCriteriaId":"1E264C13-0CD8-49FB-868D-1CCF44906CDA"},{"vulnerable":true,"criteria":"cpe:2.3:o:versa-networks:versa_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"20.2.0","versionEndExcluding":"20.2.2","matchCriteriaId":"17ECACF2-A7D9-498F-AB4F-FEA707EC4D59"},{"vulnerable":true,"criteria":"cpe:2.3:o:versa-networks:versa_operating_system:*:*:*:*:*:*:*:*","versionStartIncluding":"21.1.0","versionEndExcluding":"21.1.1","matchCriteriaId":"76D6FE42-92E1-4CBE-B1EC-AD4D017127CB"}]}]}],"references":[{"url":"https://hackerone.com/reports/1168192","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/1168192","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}