CVE-2006-4099
Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.
Date published : 2006-11-29
http://www.securityfocus.com/bid/21350
http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf