CVE-2014-0999

Name of the Vulnerable Software and Affected Versions Sendio versions prior to 7.2.4

Description The issue allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header, as the session identifier is included in URLs in emails.

Recommendations For versions prior to 7.2.4, update to version 7.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and sessions to minimize the risk of exploitation.