Session fixation

2012-02-0620:55:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.8%

JSON

Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an “open client session.”

CPENameOperatorVersion
altiris_client_management_suite_pcanywhere_solutioneq12.6
altiris_client_management_suite_pcanywhere_solutioneq12.5 sp2
altiris_client_management_suite_pcanywhere_solutioneq12.6 sp1
altiris_client_management_suite_pcanywhere_solutioneq12.6 sp2
altiris_client_management_suite_pcanywhere_solutioneq12.5
altiris_client_management_suite_pcanywhere_solutioneq12.5 sp1
altiris_deployment_solution_remote_pcanywhere_solutioneq12.5
altiris_deployment_solution_remote_pcanywhere_solutioneq12.5 sp2
altiris_deployment_solution_remote_pcanywhere_solutioneq12.6 sp2
altiris_deployment_solution_remote_pcanywhere_solutioneq12.5 sp1

Name	Operator	Version
altiris_client_management_suite_pcanywhere_solution	eq	12.6
altiris_client_management_suite_pcanywhere_solution	eq	12.5 sp2
altiris_client_management_suite_pcanywhere_solution	eq	12.6 sp1
altiris_client_management_suite_pcanywhere_solution	eq	12.6 sp2
altiris_client_management_suite_pcanywhere_solution	eq	12.5
altiris_client_management_suite_pcanywhere_solution	eq	12.5 sp1
altiris_deployment_solution_remote_pcanywhere_solution	eq	12.5
altiris_deployment_solution_remote_pcanywhere_solution	eq	12.5 sp2
altiris_deployment_solution_remote_pcanywhere_solution	eq	12.6 sp2
altiris_deployment_solution_remote_pcanywhere_solution	eq	12.5 sp1