The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0151
