3.04

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

emc

critical

NVD

Published: 2015-07-05

Updated: 2016-12-28

Summary

EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value. <a href="https://cwe.mitre.org/data/definitions/331.html">CWE-331: Insufficient Entropy</a>

Vulnerable Configurations

Part	Description	Count
Application	Emc EMC Secure Remote Services 3.02 EMC Secure Remote Services 3.03 EMC Secure Remote Services 3.04	3

References

http://seclists.org/bugtraq/2015/Jun/132
http://www.securitytracker.com/id/1032740