Vulnerability Description
EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emc | Sourceone Email Supervisor | <= 7.1 |
References
- http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-SThird Party Advisory
- http://seclists.org/bugtraq/2015/Oct/58Mailing List
- http://www.securitytracker.com/id/1033787Third Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-SThird Party Advisory
- http://seclists.org/bugtraq/2015/Oct/58Mailing List
- http://www.securitytracker.com/id/1033787Third Party AdvisoryVDB Entry
FAQ
What is CVE-2015-6845?
CVE-2015-6845 is a vulnerability with a CVSS score of 7.5 (HIGH). EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID.
How severe is CVE-2015-6845?
CVE-2015-6845 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-6845?
Check the references section above for vendor advisories and patch information. Affected products include: Emc Sourceone Email Supervisor.