CVE-2009-2165

Name: CVE-2009-2165
Creator: NVD / NIST
Published: 2009-06-22T20:30:00.267+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.40%

Last modified Jun 16, 2026

CVE-2009-2165 is a vulnerability of currently unknown severity. SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.. EPSS estimates a 1.40% chance of exploitation in the next 30 days.

Description

SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and 3.00 beta023 and earlier 3.x versions, uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id.

Metrics

EPSS Probability

1.40%

69.1th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions	Update
Serendipitynz	Serene Bach	<= 2.20r	—
Serendipitynz	Serene Bach	1.18r	—
Serendipitynz	Serene Bach	1.19r	—
Serendipitynz	Serene Bach	2.05r	—
Serendipitynz	Serene Bach	2.08d	—
Serendipitynz	Serene Bach	2.09r	—
Serendipitynz	Serene Bach	3.00	Beta023

References

Timeline

Published: Jun 22, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-2165?

How severe is CVE-2009-2165?

Severity scoring for CVE-2009-2165 is pending analysis. The EPSS model estimates a 1.40% probability of exploitation in the next 30 days.

How do I fix CVE-2009-2165?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-2165?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST