Unrated severityNVD Advisory· Published Jun 2, 2015· Updated May 6, 2026

CVE-2014-0999

Description

Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.

Affected products

Sendio/Sendio
cpe:2.3:a:sendio:sendio:*:*:*:*:*:*:*:*
Range: <=7.2.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/132022/Sendio-ESP-Information-Disclosure.htmlnvdExploit
seclists.org/fulldisclosure/2015/May/95nvdExploit
www.exploit-db.com/exploits/37114nvdExploit
www.sendio.com/software-release-history/nvdVendor Advisory
www.securityfocus.com/archive/1/535592/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.012
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000