Unrated severityNVD Advisory· Published Dec 17, 2009· Updated Jun 16, 2026
CVE-2009-4353
CVE-2009-4353
Description
The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 and earlier, and possibly other versions before 2003.0139.0911, does not remove the session ID in a Referer URL, which allows remote attackers to hijack web sessions via vectors such as an email with an embedded URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:transware:active\!_mail:*:-:mobile:*:*:*:*:*+ 1 more
- cpe:2.3:a:transware:active\!_mail:*:-:mobile:*:*:*:*:*range: <=2003
- (no CPE)range: < 2003.0139.0911
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.