Session Fixation Vulnerability in IBM Security Guardium Big Data Intelligence
CVE-2018-1375

5.9MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
29 May 2018

Summary

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 is susceptible to a session fixation vulnerability that does not properly renew session variables post-authentication. This oversight allows an attacker to potentially exploit a known cookie, compelling an authenticated user to utilize it, thereby increasing the risk of unauthorized access. This vulnerability emphasizes the importance of robust session management measures to maintain the confidentiality and integrity of user sessions.

Affected Version(s)

Security Guardium Big Data Intelligence 3.1

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.