Session Management Issue in IBM WebSphere DataPower XC10 Appliances
CVE-2013-5446

Currently unrated

Key Information:

Vendor: IBM
Status: Websphere Datapower Xc10 Appliance; Websphere Datapower Xc10 Appliance Firmware
Vendor: CVE Published:; 22 October 2013

Summary

IBM WebSphere DataPower XC10 appliances versions 2.1.0 and 2.5.0 exhibit a session management vulnerability where the console fails to handle logoff actions appropriately. This oversight could potentially allow unauthorized access or other malicious activities via remote attack vectors, leading to undefined impacts on security. It is crucial for users to apply the recommended patches and follow security best practices to mitigate the risks associated with this vulnerability.

References

http://www.ibm.com/support/docview.wss?uid=swg21653546

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/87910

vdb-entryx_refsource_XF

http://www-01.ibm.com/support/docview.wss?uid=swg1IC93164

vendor-advisoryx_refsource_AIXAPAR

Timeline

Vulnerability published
Oct 22, 2013
Vulnerability Reserved
Aug 22, 2013