CVE-2015-0544
Summary
| CVE | CVE-2015-0544 |
|---|---|
| State | PUBLISHED |
| Assigner | dell |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-07-05 10:59:01 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value. |
Risk And Classification
Primary CVSS: v2.0 9.3 from [email protected]
AV:N/AC:M/Au:N/C:C/I:C/A:C
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality | Complete |
| Integrity | Complete |
| Availability | Complete |
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Emc | Secure Remote Services | 3.02 | All | All | All |
| Application | Emc | Secure Remote Services | 3.03 | All | All | All |
| Application | Emc | Secure Remote Services | 3.04 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| EMC Secure Remote Services Virtual Edition Certificate Validation and Session Cookie Randomization Flaws Let Remote Users Spoof Systems and Gain Full Control of the Target System - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | |
| Bugtraq: ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | seclists.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.