Vulnerabilities > CVE-2009-4354 - Credentials Management vulnerability in Transware Active! Mail 1.422/2.0

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

transware

CWE-255

NVD

Published: 2009-12-17

Updated: 2017-08-17

Summary

TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not properly secure the session ID in a session cookie, which allows remote attackers to hijack web sessions, probably related to the "secure" flag for cookies in SSL sessions.

Vulnerable Configurations

Part	Description	Count
Application	Transware Transware Active! Mail 1.422 Transware Active! Mail 2.0 Transware Active! Mail *	3

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://jvn.jp/en/jp/JVN36207497/index.html
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000077.html
http://www.transware.co.jp/support_am/security/vulnerability1.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/54752