Unrated severityNVD Advisory· Published Nov 26, 2001· Updated Apr 16, 2026

CVE-2001-0922

Description

ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier versions, allows remote attackers to steal session IDs and hijack user sessions by reading the SPIDERSESSION and uniqueValue variables from the login field, then using those variables after the next user logs in.

Affected products

Sun Corporation/Netdynamics5 versions
cpe:2.3:a:sun:netdynamics:4.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:sun:netdynamics:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:netdynamics:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:netdynamics:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:sun:netdynamics:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:sun:netdynamics:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/3583nvdPatchVendor Advisory
marc.infonvd
exchange.xforce.ibmcloud.com/vulnerabilities/7620nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000