VulnerableCode Vulnerability Details - VCID-ctuh-5vv7-wqcd

Search for vulnerabilities

Vulnerability details: VCID-ctuh-5vv7-wqcd

Essentials
Severities (8)
References (15)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ctuh-5vv7-wqcd
Aliases	CVE-2014-3944 GHSA-9j8h-xrgj-7gw2
Summary	TYPO3 Improper Session Invalidation The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-287	Improper Authentication
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00186	https://api.first.org/data/v1/epss?cve=CVE-2014-3944
generic_textual	MODERATE	https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3944.yaml
generic_textual	MODERATE	https://github.com/TYPO3/typo3
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-3944
generic_textual	MODERATE	https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
generic_textual	MODERATE	http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
generic_textual	MODERATE	http://www.debian.org/security/2014/dsa-2942
generic_textual	MODERATE	http://www.openwall.com/lists/oss-security/2014/06/03/2

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2014-3944
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946
		https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3944.yaml
		https://github.com/TYPO3/typo3
		https://nvd.nist.gov/vuln/detail/CVE-2014-3944
		https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
		https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
		http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
		http://www.debian.org/security/2014/dsa-2942
		http://www.openwall.com/lists/oss-security/2014/06/03/2

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.40941
EPSS Score	0.00186
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:28:57.684705+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9j8h-xrgj-7gw2/GHSA-9j8h-xrgj-7gw2.json	36.1.3