ID CVE-2015-0544
Summary EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value. CWE-331: Insufficient Entropy (https://cwe.mitre.org/data/definitions/331.html)
References
Vulnerable Configurations
  • cpe:2.3:a:emc:secure_remote_services:3.02:*:*:*:virtual:*:*:*
  • cpe:2.3:a:emc:secure_remote_services:3.03:*:*:*:virtual:*:*:*
  • cpe:2.3:a:emc:secure_remote_services:3.04:*:*:*:virtual:*:*:*
CVSS
Base: 9.3 (as of 28-12-2016 - 02:59)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bugtraq 20150626 ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities
sectrack 1032740
Last major update 28-12-2016 - 02:59
Published 05-07-2015 - 10:59
Last modified 28-12-2016 - 02:59