Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CA 2E Web Option 输入验证错误漏洞
Vulnerability Description
CA 2E Web Option是美国CA技术公司的一套CA 2E应用程序Web接口开发工具。 CA 2E Web Option r8.1.2版本中存在输入验证漏洞,该漏洞源于程序没有充分验证令牌。远程攻击者通过可预测的会话令牌利用该漏洞获取特权,也可能造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A