Session Hijacking Vulnerability in IBM Security Identity Manager Virtual Appliance
CVE-2016-0340
7.4 HIGH
What is CVE-2016-0340?
IBM Security Identity Manager (ISIM) Virtual Appliance versions 7.0.0.0 through 7.0.1.1, prior to 7.0.1-ISS-SIM-FP0003, are susceptible to a session handling flaw. The appliance does not properly expire user sessions, so a session left open on an unattended workstation remains valid and can be hijacked by a remote attacker. Successful exploitation can grant unauthorized access to user accounts, potentially compromising sensitive information and system integrity. Applying the necessary updates and safeguarding workstations mitigates the associated risks.