The Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value.
Vulnerable Product |
---|
ibm websphere_application_server 7.0.0.7 |
ibm communications_enabled_applications |