Vulnerability-Lookup

CNVD-2015-06632

Vulnerability from cnvd - Published: 2015-10-19

Title

EMC SourceOne Email Supervisor会话劫持漏洞

Description

EMC SourceOne Email Supervisor是电子邮件及即时消息内容监控及管理解决方案。 EMC SourceOne Email Supervisor Reviewer在实现上存在会话劫持漏洞。攻击者利用此漏洞可猜测其他用户的会话ID。

Severity

高

Patch Name

EMC SourceOne Email Supervisor会话劫持漏洞的补丁

Patch Description

EMC SourceOne Email Supervisor是电子邮件及即时消息内容监控及管理解决方案。 EMC SourceOne Email Supervisor Reviewer在实现上存在会话劫持漏洞。攻击者利用此漏洞可猜测其他用户的会话ID。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.emc.com/data-protection/emc-sourceone/email-supervisor.htm

Reference

http://www.securityfocus.com/archive/1/536662

Impacted products

Name
EMC EMC SourceOne Email Supervisor <7.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6845"
    }
  },
  "description": "EMC SourceOne Email Supervisor\u662f\u7535\u5b50\u90ae\u4ef6\u53ca\u5373\u65f6\u6d88\u606f\u5185\u5bb9\u76d1\u63a7\u53ca\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nEMC SourceOne Email Supervisor Reviewer\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u731c\u6d4b\u5176\u4ed6\u7528\u6237\u7684\u4f1a\u8bddID\u3002",
  "discovererName": "EMC",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://www.emc.com/data-protection/emc-sourceone/email-supervisor.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06632",
  "openTime": "2015-10-19",
  "patchDescription": "EMC SourceOne Email Supervisor\u662f\u7535\u5b50\u90ae\u4ef6\u53ca\u5373\u65f6\u6d88\u606f\u5185\u5bb9\u76d1\u63a7\u53ca\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\r\nEMC SourceOne Email Supervisor Reviewer\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u731c\u6d4b\u5176\u4ed6\u7528\u6237\u7684\u4f1a\u8bddID\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "EMC SourceOne Email Supervisor\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "EMC EMC SourceOne Email Supervisor \u003c7.2"
  },
  "referenceLink": "http://www.securityfocus.com/archive/1/536662",
  "serverity": "\u9ad8",
  "submitTime": "2015-10-14",
  "title": "EMC SourceOne Email Supervisor\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e"
}

CVE-2015-6845 (GCVE-0-2015-6845)

Vulnerability from cvelistv5 – Published: 2015-10-18 14:00 – Updated: 2024-08-06 07:36

Summary

EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID.

Severity ?

No CVSS data available.

CWE

Assigner

dell

References

URL

Tags

	http://seclists.org/bugtraq/2015/Oct/58	mailing-listx_refsource_BUGTRAQ
	http://packetstormsecurity.com/files/133922/EMC-S…	x_refsource_MISC
	http://www.securitytracker.com/id/1033787	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:36:34.407Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20151011 ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://seclists.org/bugtraq/2015/Oct/58"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html"
          },
          {
            "name": "1033787",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033787"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-06T18:57:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "20151011 ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://seclists.org/bugtraq/2015/Oct/58"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html"
        },
        {
          "name": "1033787",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033787"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security_alert@emc.com",
          "ID": "CVE-2015-6845",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20151011 ESA-2015-153 EMC SourceOne Email Supervisor Security Update for Multiple Security Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://seclists.org/bugtraq/2015/Oct/58"
            },
            {
              "name": "http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/133922/EMC-SourceOne-Email-Supervisor-XSS-Session-Hijacking.html"
            },
            {
              "name": "1033787",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033787"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2015-6845",
    "datePublished": "2015-10-18T14:00:00",
    "dateReserved": "2015-09-10T00:00:00",
    "dateUpdated": "2024-08-06T07:36:34.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-06632

CVE-2015-6845 (GCVE-0-2015-6845)

Tags

Sightings

Nomenclature