CVE-2014-0999

Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
VendorProductVersion
sendiosendio
𝑥
≤ 7.2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html
http://seclists.org/fulldisclosure/2015/May/95
http://www.exploit-db.com/exploits/37114
http://www.securityfocus.com/archive/1/535592/100/0/threaded
http://www.sendio.com/software-release-history/
http://packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.html
http://seclists.org/fulldisclosure/2015/May/95
http://www.exploit-db.com/exploits/37114
http://www.securityfocus.com/archive/1/535592/100/0/threaded
http://www.sendio.com/software-release-history/