cbcvebase.
CVE-2001-1286
published 2001-10-12

CVE-2001-1286: Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an…

PriorityP421high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
3.50%
87.7th percentile
Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, which could allow remote attackers to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.

Affected

3 ranges
VendorProductVersion rangeFixed in
ipswitchimail
ipswitchimail
ipswitchimail
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.