CVE-2015-6845

Опубликовано: 18 окт. 2015

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID.

Комментарий

CWE-331: Insufficient Entropy

Ссылки

http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html
Third Party Advisory
http://seclists.org/bugtraq/2015/Oct/58
Mailing List
http://www.securitytracker.com/id/1033787
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html
Third Party Advisory
http://seclists.org/bugtraq/2015/Oct/58
Mailing List
http://www.securitytracker.com/id/1033787
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:emc:sourceone_email_supervisor:*:*:*:*:*:*:*:*

Версия до 7.1 (включая)

EPSS

Процентиль: 81%

0.01493

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-3q95-7wc4-39vr

github

больше 3 лет назад