Session Fixation Vulnerability in IBM Security Guardium Big Data Intelligence
CVE-2018-1375
5.9MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 29 May 2018
Summary
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is susceptible to a session fixation vulnerability that does not properly renew session variables post-authentication. This oversight allows an attacker to potentially exploit a known cookie, compelling an authenticated user to utilize it, thereby increasing the risk of unauthorized access. This vulnerability emphasizes the importance of robust session management measures to maintain the confidentiality and integrity of user sessions.
Affected Version(s)
Security Guardium Big Data Intelligence 3.1
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved