Unrated severityNVD Advisory· Published Feb 14, 2014· Updated Apr 29, 2026

CVE-2014-1219

Description

CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end of this substring, as demonstrated by terminating a session via a modified SSNID parameter to web2edoc/close.htm.

Affected products

Broadcom Corporation/2e Web Option
cpe:2.3:a:broadcom:2e_web_option:r8.1.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1219/nvd
www.securityfocus.com/bid/65537nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.005
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000