CA Technologies Support is alerting customers to a potential risk in CA 2E Web Option (C2WEB). A vulnerability exists that can allow an attacker to exploit an authentication weakness and execute a session prediction attack. The vulnerability is due to a predictable session token. An unauthenticated attacker can manipulate a session token to gain privileged access to a valid session. CA Technologies has issued fixes to address the vulnerability.
247fe44dc1a90f28ce7172ae849a60bcf1082bf0a37c830c18c17a151f66419cCA 2E Web Option version 8.1.2 suffers from an unauthenticated privilege escalation vulnerability that can allow for a denial of service condition.
cb6ba2704a2a0e3d944bde61fec01be38663ee9a4892d786234c64e6316d2156
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed