CVE-2009-4314 — RAY Server Software vulnerability

CWE-2643 documents3 sources

Severity

4.4MEDIUMNVD

EPSS

0.1%

top 84.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN RAY Server Software

Timeline

PublishedDec 14

Latest updateMay 2

Description

Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages1 packages

▶NVDsun/ray4.1

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-c7ww-xrv2-6x29: Sun Ray Server Software 4↗2022-05-02

▶

CVEList

CVE-2009-4314: Sun Ray Server Software 4↗2009-12-14

▶