Session Fixation Vulnerability in IBM Initiate Master Data Service
CVE-2014-4789

Currently unrated

Key Information:

Vendor: IBM
Status: Initiate Master Data Service
Vendor: CVE Published:; 10 September 2014

Summary

A session fixation vulnerability exists in IBM Initiate Master Data Service that allows remote attackers to hijack active web sessions. This risk occurs due to insufficient validation in the session management process, enabling attackers to exploit the vulnerability through various unspecified vectors. Effective mitigation strategies should be adopted to safeguard against such sessions compromise.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21682450

x_refsource_CONFIRM

http://secunia.com/advisories/60996

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/95059

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Sep 10, 2014
Vulnerability Reserved
Jul 9, 2014