CVE-2014-0635

Published: Apr 1, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:M/Au:S/C:C/I:P/A:P

Exploitability: 6.8 / Impact: 8.5

Source: NVD

Description

Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.

Affected (5)

Products: Emc: Vplex Geosynchrony

Emc

1 product

Vplex Geosynchrony

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Emc Vplex Geosynchrony	Version 4.0
Emc Vplex Geosynchrony	Version 5.0
Emc Vplex Geosynchrony	Version 5.1
Emc Vplex Geosynchrony	Version 5.2.1
Emc Vplex Geosynchrony	Version 5.2

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html

Source: security_alert@emc.com

http://archives.neohapsis.com/archives/bugtraq/2014-03/0157.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.