CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 4CVE-2015-2804 – Alcatel-Lucent OmniSwitch Web Interface Weak Session ID
https://notcve.org/view.php?id=CVE-2015-2804
10 Jun 2015 — The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack. La gestión de la interfaz web en Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400 y 6855 con firmware en versiones anteriores a 6.6.4.309.R01 y 6.6.5.x en versiones anteriores a 6.6.5.80.R02 genera identificadores de ... • https://packetstorm.news/files/id/132235 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 17EXPL: 5CVE-2015-2805 – Alcatel-Lucent OmniSwitch - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-2805
10 Jun 2015 — Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request. Vulnerabilidad de CSRF en sec/content/sec_asa_users_local_db_add.htm... • https://packetstorm.news/files/id/132236 • CWE-352: Cross-Site Request Forgery (CSRF) •