Token Refresh Vulnerability in Novell iManager Product
CVE-2013-3268

Currently unrated

Key Information:

Vendor: Novell
Status: Imanager
Vendor: CVE Published:; 24 April 2013

What is CVE-2013-3268?

Novell iManager 2.7 prior to SP6 Patch 1 has a security flaw where the system fails to refresh session tokens after a user logs out. This oversight could potentially allow an attacker to exploit the session and gain unauthorized access to sensitive functionalities. The vulnerability exposes users to remote attack vectors, creating a risk of security breaches by maintaining active session tokens mistakenly left intact post-logout.

References

http://www.novell.com/support/kb/doc.php?id=7010166

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/83761

vdb-entryx_refsource_XF

https://bugzilla.novell.com/show_bug.cgi?id=807429

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2013
Vulnerability Reserved
Apr 24, 2013