CVE-2014-1219

Name of the Vulnerable Software and Affected Versions CA 2E Web Option version r8.1.2

Description The issue allows remote attackers to hijack sessions by changing characters at the end of a predictable substring of a W2E SSNID session token. This can be demonstrated by terminating a session via a modified SSNID parameter to "web2edoc/close.htm".

Recommendations For CA 2E Web Option version r8.1.2, consider restricting access to the web2edoc/close.htm endpoint until a patch is available. As a temporary workaround, avoid using the SSNID parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.