EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html | Third Party Advisory |
http://seclists.org/bugtraq/2015/Oct/58 | Mailing List |
http://www.securitytracker.com/id/1033787 | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2015-10-18 14:59
Updated : 2024-02-28 15:21
NVD link : CVE-2015-6845
Mitre link : CVE-2015-6845
CVE.ORG link : CVE-2015-6845
JSON object : View
Products Affected
emc
- sourceone_email_supervisor
CWE