Session Fixation Vulnerability in IBM InfoSphere Master Data Management Products
CVE-2013-5426

Currently unrated

Summary

A session fixation vulnerability exists in IBM InfoSphere Master Data Management products, allowing remote authenticated users to hijack active web sessions. An attacker can exploit unspecified vectors to set the session identifier that a user will use. When that user subsequently logs in, the attacker gains unauthorized access to the session, compromising the integrity and confidentiality of user data. Organizations running affected versions should apply the necessary updates and follow defensive coding practices to mitigate this risk.

Timeline

  • Vulnerability published

  • Vulnerability reserved
