Session Hijacking Vulnerability in CA Unified Infrastructure Management

Session Hijacking Vulnerability in CA Unified Infrastructure Management

CVE-2016-9165 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The get_sessions servlet in CA Unified Infrastructure Management (formerly CA Nimsoft Monitor) before 8.5 and CA Unified Infrastructure Management Snap (formerly CA Nimsoft Monitor Snap) allows remote attackers to obtain active session ids and consequently bypass authentication or gain privileges via unspecified vectors.

Learn more about our Infrastructure Penetration Testing.