Abstract Advisory Information
Security issue affecting the product AXIOM from the company AXIOMSL (http://axiomsl.com). The web application (Google Web Toolkit module) is vulnerable to Session Fixation attack. Vendor is informed about this vulnerability and the CVE ID is referenced into the release note of the product for the version in which the issue is fixed (and also in JIRA ticket).
Common Vulnerability Scoring System
The vulnerability is fixed from the version 9.7 through a patch and superior version are patched by default.
Vulnerability Disclosure Timeline
- 2015-07-01: Security note sent to AXIOMSL contact about the vulnerability.
- 2015-07-03: Acknowledge from AXIOMSL about reception of our note and start working on a fix.
- 2015-07-06: Ask for CVE ID to MITRE.
- 2015-07-09: Received CVE ID from MITRE.
- 2015-07-24: Received fix information from AXIOMSL.
- 2015-07-25: Creation of this advisory note.
- 2015-09-01: Ask to MITRE to publish CVE.