CVE-2026-2337

A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf of the user.This issue affects Plunet BusinessManager: 10.15.1.

CVSS

No CVSS.

References

Link	Resource
https://cds.thalesgroup.com/en/tcs-cert/CVE-2026-2337

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad en Plunet Plunet BusinessManager permite el secuestro de sesión, el robo de datos, acciones no autorizadas en nombre del usuario. Este problema afecta a Plunet BusinessManager: 10.15.1.

11 Feb 2026, 14:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-11 14:16

Updated : 2026-06-17 10:30

NVD link : CVE-2026-2337

Mitre link : CVE-2026-2337

CVE.ORG link : CVE-2026-2337

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2026-2337", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-2337", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "yes"}, {"technicalImpact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T14:19:22.609703Z"}}], "cvssMetricV40": [{"type": "Secondary", "source": "64c5ae8f-7972-4697-86a0-7ada793ac795", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "64c5ae8f-7972-4697-86a0-7ada793ac795", "affectedData": [{"vendor": "Plunet", "product": "Plunet BusinessManager", "versions": [{"status": "affected", "version": "10.15.1"}, {"status": "unaffected", "version": "10.22.3"}], "defaultStatus": "unaffected"}]}], "published": "2026-02-11T14:16:02.390", "references": [{"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2026-2337", "source": "64c5ae8f-7972-4697-86a0-7ada793ac795"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "64c5ae8f-7972-4697-86a0-7ada793ac795", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf of the user.This issue affects Plunet BusinessManager: 10.15.1."}, {"lang": "es", "value": "Una vulnerabilidad en Plunet Plunet BusinessManager permite el secuestro de sesi\u00f3n, el robo de datos, acciones no autorizadas en nombre del usuario. Este problema afecta a Plunet BusinessManager: 10.15.1."}], "lastModified": "2026-06-17T10:30:48.497", "sourceIdentifier": "64c5ae8f-7972-4697-86a0-7ada793ac795"}