Vulnerabilities > CVE-2006-4099 - Unspecified vulnerability in Businessobjects Crystal Enterprise 10/9

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
businessobjects

Summary

Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.

Vulnerable Configurations

Part Description Count
Application
Businessobjects
2