Vulnerabilities > CVE-2015-6845 - Unspecified vulnerability in EMC Sourceone Email Supervisor

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

emc

NVD

Published: 2015-10-18

Updated: 2016-12-08

Summary

EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. <a href="https://cwe.mitre.org/data/definitions/331.html">CWE-331: Insufficient Entropy</a>

Vulnerable Configurations

Part	Description	Count
Application	Emc EMC Sourceone Email Supervisor *	1

References

http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html
http://seclists.org/bugtraq/2015/Oct/58
http://www.securitytracker.com/id/1033787