CVE-2017-9956

Name of the Vulnerable Software and Affected Versions U.motion Builder versions 1.2.1 and prior

Description The issue is caused by the use of a hard-coded valid session ID in the system. This allows a remote attacker to bypass the authentication procedure by using a specially crafted user cookie that includes the valid session ID. The attacker can exploit this to gain unauthorized access.

Recommendations For versions 1.2.1 and prior, consider disabling the use of session IDs in HTTP cookies as a temporary workaround until a patch is available. Restrict access to the system to minimize the risk of exploitation. Avoid using the hard-coded session ID in web requests until the issue is resolved.