How severe is CVE-2016-4027?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2016-4027?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2016-4027 - LOW Severity | CVSS 3.5

Vulnerability Description

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced privileges or shared environments. However the setting was incorrectly recognized and cookies were stored regardless of this setting when the login was performed using a non-interactive login method. In case the setting was enforced by middleware configuration or the user went through the interactive login page, the workflow was correct. Cookies with authentication information may become available to other users on shared environments. In case the user did not properly log out from the session, third parties with access to the same client can access a user's account.

Related Vulnerabilities

CVE-2015-4962

LOW

CVSS:3.5(Low)

Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3....

CWE-2002015

CVE-2015-7548

LOW

CVSS:3.5(Low)

OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read a...

CWE-2002015

CVE-2015-8509

LOW

CVSS:3.5(Low)

Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain ...

CWE-2002015

CVE-2016-6539

LOW

CVSS:3.5(Low)

The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth...

CWE-2002016

CVE-2017-1353

LOW

CVSS:3.5(Low)

IBM Atlas eDiscovery Process Management 6.0.3 could allow an authenticated attacker to obtain sensitive information when an unsuspecting user clicks on unsafe third-party links. IBM X-Force ID: 126680...

CWE-2002017

CVE-2017-17280

LOW

CVSS:3.5(Low)

NFC (Near Field Communication) module in Huawei mobile phones with software LON-AL00BC00 has an information leak vulnerability. The attacker has to trick a user to do some specific operations and then...

CWE-2002017