Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Alcatel-lucent Subscribe
Filtered by product Omniswitch 6450
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-2804 1 Alcatel-lucent 7 Omniswitch 6250, Omniswitch 6400, Omniswitch 6450 and 4 more 2018-10-09 4.3 MEDIUM N/A
The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack.
CVE-2015-2805 1 Alcatel-lucent 10 Omniswitch 10k, Omniswitch 6250, Omniswitch 6400 and 7 more 2018-10-09 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request.