CVE-2020-13229

Name of the Vulnerable Software and Affected Versions Sysax Multi Server version 6.90

Description An issue allows a session to be hijacked by observing the sid value in any "/scgi" API endpoint, as it serves as an authentication token.

Recommendations For Sysax Multi Server version 6.90, consider restricting access to the "/scgi" API endpoint to minimize the risk of session hijacking until a patch is available. Avoid using the sid value as an authentication token in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.