Session Hijacking Vulnerability in IBM Security AppScan Enterprise
CVE-2013-2997
Currently unrated
Summary
A vulnerability in IBM Security AppScan Enterprise versions prior to 8.7 allows attackers to hijack user sessions. This occurs because the application does not properly invalidate the session context upon logout. If a user leaves their workstation unattended after logging in, a remote attacker can exploit this flaw to assume the user’s session, potentially gaining unauthorized access to sensitive information and functions. The flaw highlights the need for organizations to enforce strict session management practices.
Timeline
Vulnerability published
Vulnerability Reserved