CVE-2015-6845

2015-10-1814:00:00

dell

www.cve.org

6.6 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID.

References

packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html

seclists.org/bugtraq/2015/Oct/58

www.securitytracker.com/id/1033787