{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T07:38:47.597","vulnerabilities":[{"cve":{"id":"CVE-2021-25992","sourceIdentifier":"vulnerabilitylab@mend.io","published":"2022-02-10T10:15:13.973","lastModified":"2026-06-17T03:42:44.867","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks."},{"lang":"es","value":"En Ifme, versiones 1.0.0 a v.7.33.2, no invalidan apropiadamente la sesión de un usuario incluso después de que éste haya iniciado la sesión. Esto hace posible que un atacante pueda reusar las cookies del administrador, ya sea por medio de un acceso local/de red o mediante otros hipotéticos ataques"}],"affected":[{"source":"vulnerabilitylab@mend.io","affectedData":[{"vendor":"ifmeorg","product":"ifme","versions":[{"version":"1.0.0","lessThan":"unspecified","versionType":"custom","status":"affected"},{"version":"unspecified","lessThanOrEqual":"v7.33.2","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"vulnerabilitylab@mend.io","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:if-me:ifme:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"7.33.2","matchCriteriaId":"6E1D784A-C106-43D7-9302-4A4654BE9E7D"}]}]}],"references":[{"url":"https://github.com/ifmeorg/ifme/commit/014f6d3526a594109d4d6607c2f30b1865e37611","source":"vulnerabilitylab@mend.io","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25992","source":"vulnerabilitylab@mend.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/ifmeorg/ifme/commit/014f6d3526a594109d4d6607c2f30b1865e37611","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25992","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}