Session Identifier Management Flaw in IBM Security Identity Manager Virtual Appliance
CVE-2016-0339
5.6 MEDIUM
Summary
IBM Security Identity Manager Virtual Appliance versions 7.0.0.0 through 7.0.1.1, prior to fix pack 7.0.1-ISS-SIM-FP0003, do not manage session identifiers correctly after logout. This flaw enables remote attackers to exploit session identifiers and potentially impersonate users, increasing the risk of unauthorized access. Addressing this issue is critical to maintaining robust identity management and protecting sensitive user information.
References
CVSS V3.1
Score: 5.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved