PT-2006-4942 · Business Objects · Business Objects Crystal Enterprise

Published: 2006-11-29 · Updated: 2017-07-20 · CVE-2006-4099

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the vulnerable software and affected versions: Business Objects Crystal Enterprise versions 9 through 10

Description: The issue allows remote attackers to hijack the sessions of other users because the application generates predictable session identifiers, which are exposed as WCSID cookie values.

Recommendations: For Business Objects Crystal Enterprise versions 9 through 10, regenerate session identifiers using a source with sufficient randomness so that they cannot be predicted, which removes the session-hijacking risk. As a temporary workaround, restrict access to sensitive operations that rely on session identifiers to minimize the risk of exploitation.
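The following is an added example, not code from Positive Technologies or Business Objects, illustrating the defensive side of the recommendation above: generating session identifiers from a cryptographically secure random source, and a simple audit routine that flags a sample of issued identifiers as predictable when they are sequential, short, or low in character entropy. The thresholds (16 characters, 4.0 bits per character) and the constructed sample identifiers are assumptions chosen for illustration, not values taken from the advisory.

```python
import math
import secrets
from collections import Counter


def generate_session_id(nbytes: int = 32) -> str:
    """Build a session identifier from the OS CSPRNG (256 bits by default).

    This is the fix the advisory recommends: an identifier that cannot be
    guessed from previously observed ones.
    """
    return secrets.token_urlsafe(nbytes)


def shannon_entropy_bits(values: list[str]) -> float:
    """Shannon entropy in bits per character over all characters in the sample."""
    text = "".join(values)
    if not text:
        return 0.0
    counts = Counter(text)
    total = len(text)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def _to_int(value: str):
    """Parse a decimal or hexadecimal identifier; None if it is neither."""
    for base in (10, 16):
        try:
            return int(value, base)
        except ValueError:
            continue
    return None


def is_sequential(values: list[str]) -> bool:
    """True when consecutive identifiers differ by one constant non-zero step."""
    nums = [_to_int(v) for v in values]
    if len(nums) < 3 or any(n is None for n in nums):
        return False
    step = nums[1] - nums[0]
    return step != 0 and all(b - a == step for a, b in zip(nums, nums[1:]))


def assess_session_ids(values: list[str],
                       min_length: int = 16,
                       min_entropy_bits: float = 4.0) -> list[str]:
    """Audit a sample of issued session identifiers.

    Returns a list of findings; an empty list means nothing looked predictable.
    The length and entropy thresholds are assumed values for this example.
    """
    findings = []
    if is_sequential(values):
        findings.append("sequential: consecutive identifiers differ by a constant step")
    shortest = min(len(v) for v in values)
    if shortest < min_length:
        findings.append(f"short: shortest identifier has {shortest} chars (< {min_length})")
    entropy = shannon_entropy_bits(values)
    if entropy < min_entropy_bits:
        findings.append(f"low entropy: {entropy:.2f} bits/char (< {min_entropy_bits})")
    if len(set(values)) != len(values):
        findings.append("duplicates: the same identifier was issued more than once")
    return findings


if __name__ == "__main__":
    # Constructed sample: a counter-style identifier of the kind that is trivially predictable.
    predictable = [str(100000 + i) for i in range(10)]
    print("counter-style ids:", assess_session_ids(predictable))

    # Identifiers produced by the recommended generator.
    strong = [generate_session_id() for _ in range(10)]
    print("CSPRNG ids:", assess_session_ids(strong))
```

Run the module directly to see the audit flag the counter-style sample and pass the CSPRNG sample; in a real deployment the same `assess_session_ids` check can be run over a batch of identifiers captured from your own test sessions before the application goes live.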

Fix


Related identifiers

CVE-2006-4099

Affected products

Business Objects Crystal Enterprise