VulnerableCode Vulnerability Details - VCID-txyw-49ms-n3f4

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-txyw-49ms-n3f4

Essentials
Severities (9)
References (9)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-txyw-49ms-n3f4
Aliases	CVE-2015-0201 GHSA-45vg-2v73-vm62
Summary	Insufficiently random session id in Java SockJS client The Java SockJS client in this package generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-254	7PK - Security Features
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00182	https://api.first.org/data/v1/epss?cve=CVE-2015-0201
epss	0.00182	https://api.first.org/data/v1/epss?cve=CVE-2015-0201
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-45vg-2v73-vm62
generic_textual	MODERATE	https://github.com/advisories/GHSA-45vg-2v73-vm62
generic_textual	MODERATE	https://github.com/spring-projects/spring-framework
generic_textual	MODERATE	https://github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e
generic_textual	MODERATE	https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2015-0201
generic_textual	MODERATE	https://pivotal.io/security/cve-2015-0201

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2015-0201
		https://github.com/spring-projects/spring-framework
		https://github.com/spring-projects/spring-framework/commit/d63cfc8eebc396be009e733a81ebb4c984811f6e
		https://github.com/spring-projects/spring-framework/commit/dc5b5ca8ee09c890352f89b2dae58bc0132d6545
		https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0201
CVE-2015-0201		http://pivotal.io/security/cve-2015-0201
CVE-2015-0201		https://nvd.nist.gov/vuln/detail/CVE-2015-0201
CVE-2015-0201		https://pivotal.io/security/cve-2015-0201
GHSA-45vg-2v73-vm62		https://github.com/advisories/GHSA-45vg-2v73-vm62

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.3961
EPSS Score	0.00182
Published At	June 4, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:36:22.005893+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-websocket/CVE-2015-0201.yml	38.6.0