Session Fixation Vulnerability in IBM Cognos Command Center
CVE-2013-4001

Currently unrated

Key Information:

Vendor: IBM
Status: Cognos Command Center
Vendor: CVE Published:; 14 December 2013

What is CVE-2013-4001?

A session fixation vulnerability exists in IBM Cognos Command Center versions prior to 10.2, allowing remote attackers to hijack active web sessions. This vulnerability can be exploited via manipulation of an authorization cookie, which, if intercepted or controlled by an attacker, grants unauthorized access to user sessions, potentially leading to sensitive data exposure.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/85151

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg21657932

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2013
Vulnerability Reserved
Jun 7, 2013