CVE-2024-49709 — MEDIUM (4.4)

Q: How severe is CVE-2024-49709?

CVE-2024-49709 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-49709?

Check the references section above for vendor advisories and patch information. Affected products include: Softcom.Wroc Iksoris.

Vulnerability Description

Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session cookie value. An attacker with an access to user's browser might set such a cookie, wait until the user logs in and then use the same cookie to take over the account. Moreover, the system does not destroy the old sessions when creating new ones, what expands the time frame in which an attack might be performed. This vulnerability has been patched in version 79.0

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Softcom.Wroc	Iksoris	< 79.0

Related Weaknesses (CWE)

CWE-384

References

https://cert.pl/en/posts/2025/04/CVE-2024-10087Third Party Advisory
https://www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.htmlProduct

FAQ

What is CVE-2024-49709?

CVE-2024-49709 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session cookie value. An attacker with an access to user's browser might set such a cookie, wait until the user...

How severe is CVE-2024-49709?

CVE-2024-49709 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-49709?

Check the references section above for vendor advisories and patch information. Affected products include: Softcom.Wroc Iksoris.