CVE-2016-0340

7.4HIGH

Key Information:

Vendor
IBM
Status
Security Identity Manager Adapter
Vendor
CVE Published:
15 July 2016

Summary

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21985736
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036255
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/91692
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.