CVE-2009-2749
Published 2009-12-08
Severity: medium, 6.4 (CVSS 3.1)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | communications_enabled_applications | <= 1.0 | — |
| ibm | websphere_application_server | — | — |