Session Identifier Management Flaw in IBM Security Identity Manager Virtual Appliance
CVE-2016-0339

5.6MEDIUM

Key Information:

Vendor
IBM
Status
Security Identity Manager Adapter
Vendor
CVE Published:
15 July 2016

Summary

The IBM Security Identity Manager Virtual Appliance versions 7.0.0.0 through 7.0.1.1 prior to fix pack 7.0.1-ISS-SIM-FP0003 suffers from a vulnerability where session identifiers are not managed correctly after logout. This flaw enables remote attackers to exploit session identifiers and potentially impersonate users, increasing the risk of unauthorized access. Addressing this issue is critical to maintaining robust identity management and protecting sensitive user information.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21985736
x_refsource_CONFIRM
http://www.securityfocus.com/bid/91689
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1036255
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.6
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.