CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-1219

CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.049

EPSS Ranking 89.3%

CVSS Severity

CVSS v2 Score 5.1

References

http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/
http://www.securityfocus.com/bid/65537
http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/
http://www.securityfocus.com/bid/65537

Products affected by CVE-2014-1219

Broadcom » 2e Web Option » Version: r8.1.2

cpe:2.3:a:broadcom:2e_web_option:r8.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-1219

Products

Pricing

Contact Us