CVE-2013-2049 — Session Fixation in Redhat Cloudforms Management Engine

CWE-384 — Session Fixation6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 63.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Cloudforms Management Engine

Timeline

PublishedMay 1

Latest updateMay 14

Description

Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDredhat/cloudforms_management_engine2.0

🔴Vulnerability Details

GHSA

GHSA-hwwg-f5h3-wwv3: Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token↗2022-05-14

▶

CVEList

CVE-2013-2049: Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token↗2018-05-01

▶

💥Exploits & PoCs

Exploit-DB

D-Link DCS-931L - Arbitrary File Upload (Metasploit)↗2016-01-07

▶

📋Vendor Advisories

Red Hat

2: static secret_token.rb value↗2013-11-13

▶

💬Community

Bugzilla

CVE-2013-2049 CloudForms Management Engine 2: static secret_token.rb value↗2013-05-03

▶