Description
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
Exploits (1)
References (2)
Core 2
Core References
Various Sources x_refsource_misc
http://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65537
Scores
EPSS
0.0613
EPSS Percentile
90.9%
Details
CWE
CWE-20
Status
published
Products (1)
broadcom/2e_web_option
r8.1.2
Published
Feb 14, 2014
Tracked Since
Feb 18, 2026