CVE-2018-1962

Sažetak

IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.

Reference

http://www.ibm.com/support/docview.wss?uid=ibm10796380
http://www.securityfocus.com/bid/106854
https://exchange.xforce.ibmcloud.com/vulnerabilities/153658

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

09-10-2019 - 23:39

Objavljeno

04-02-2019 - 21:29