First published: Sun Oct 18 2015
EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell EMC SourceOne | <=7.1 | |
CVE-2015-6845 is classified as a medium severity vulnerability due to the ease of session ID guessing by remote attackers.
To fix CVE-2015-6845, upgrade EMC SourceOne Email Supervisor to version 7.2 or later, where the random session ID generation is properly implemented.
The impact of CVE-2015-6845 is unauthorized access to user sessions, potentially leading to data exposure and manipulation.
CVE-2015-6845 is not present in EMC SourceOne Email Supervisor versions 7.2 and later, as the vulnerability has been addressed.
Organizations using EMC SourceOne Email Supervisor versions earlier than 7.2 are affected by CVE-2015-6845.