In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks.
{ "versions": [ { "introduced": "1.0.0" }, { "last_affected": "7.33.2" } ] }
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25992.json"