Session Identifier Management Flaw in IBM Security Identity Manager Virtual Appliance
CVE-2016-0339

5.6 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 15 July 2016

Summary

IBM Security Identity Manager Virtual Appliance versions 7.0.0.0 through 7.0.1.1, prior to fix pack 7.0.1-ISS-SIM-FP0003, do not correctly manage session identifiers after logout. This flaw enables remote attackers to exploit session identifiers and potentially impersonate users, increasing the risk of unauthorized access. Addressing this issue is critical to maintaining robust identity management and protecting sensitive user information.

CVSS V3.1

Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
