CVE-2014-3944
TYPO3 Improper Session Invalidation
EPSS 0.19%
Description
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
How to fix CVE-2014-3944
To remediate CVE-2014-3944, upgrade the affected package to the fixed version listed below.
- Packagist/typo3/cms: upgrade to 6.2.3 or later
Is CVE-2014-3944 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Packagist/typo3/cms: >= 6.2.0, < 6.2.3