Session Fixation Vulnerability in IBM BigFix Platform
CVE-2018-1485

3.1 LOW

Key Information:

Vendor: IBM
CVE Published: 12 December 2018

Summary

The IBM BigFix Platform versions 9.2.0 to 9.2.14 and 9.5 to 9.5.9 are susceptible to a session fixation vulnerability. This issue arises due to the failure to renew session variables after successful authentication, allowing attackers to potentially exploit known session cookies. As a result, users may inadvertently be forced to use a session cookie that an attacker controls, which could lead to unauthorized access.
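
The flaw class described above, as an added example (not IBM's code and not taken from the BigFix code base): a hypothetical in-memory `SessionStore` with a login that keeps the pre-authentication session ID beside one that renews it, plus a regression check a defender can run against either login path. All class, method and user names are assumptions made for illustration.

```python
import secrets


class SessionStore:
    """Hypothetical in-memory session table: session id -> session variables."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        # Pre-authentication session, as handed out on the first request.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def login_without_renewal(self, sid, user):
        # Flawed pattern: the pre-authentication id is kept and simply
        # promoted to an authenticated session.
        self._sessions[sid]["user"] = user
        return sid

    def login_with_renewal(self, sid, user):
        # Hardened pattern: retire the pre-authentication session and issue
        # a fresh id that did not exist before the login succeeded.
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}
        return new_sid


def renews_on_login(store, login):
    """Regression check: True only if login retires the pre-auth session id."""
    pre_auth = store.create()
    post_auth = login(pre_auth, "alice")  # constructed test user
    old = store.get(pre_auth)
    old_is_dead = old is None or old["user"] is None
    return post_auth != pre_auth and old_is_dead


if __name__ == "__main__":
    store = SessionStore()
    print("no renewal passes:", renews_on_login(store, store.login_without_renewal))
    print("renewal passes:   ", renews_on_login(store, store.login_with_renewal))
```

The same before/after comparison of the session cookie across authentication can be used to confirm that an upgraded deployment renews the session.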

Affected Version(s)

BigFix Platform 9.5.9

BigFix Platform 9.2.0

BigFix Platform 9.2.14

CVSS V3.1

Score: 3.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
