Vulnerability Details : CVE-2015-0544
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.
Products affected by CVE-2015-0544
- cpe:2.3:a:emc:secure_remote_services:3.03:*:*:*:virtual:*:*:*
- cpe:2.3:a:emc:secure_remote_services:3.04:*:*:*:virtual:*:*:*
- cpe:2.3:a:emc:secure_remote_services:3.02:*:*:*:virtual:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0544
- 0.61%: Probability of exploitation activity in the next 30 days
- ~67%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0544
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
References for CVE-2015-0544
- http://seclists.org/bugtraq/2015/Jun/132
  Bugtraq: ESA-2015-097: EMC Secure Remote Services (ESRS) Virtual Edition (VE) Multiple Security Vulnerabilities
- http://www.securitytracker.com/id/1032740
  EMC Secure Remote Services Virtual Edition Certificate Validation and Session Cookie Randomization Flaws Let Remote Users Spoof Systems and Gain Full Control of the Target System - SecurityTracker