Session Fixation Vulnerability in IBM BigFix Platform
CVE-2018-1485
3.1 LOW
Summary
The IBM BigFix Platform versions 9.2.0 to 9.2.14 and 9.5 to 9.5.9 are susceptible to a session fixation vulnerability. This issue arises due to the failure to renew session variables after successful authentication, allowing attackers to potentially exploit known session cookies. As a result, users may inadvertently be forced to use a session cookie that an attacker controls, which could lead to unauthorized access.
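The flaw class described above, shown as an added example that is not BigFix code or part of the original advisory: a generic in-memory session table with a login path that keeps the pre-authentication identifier beside one that renews it, plus a regression check for that property. `SessionStore`, its methods and the user name are hypothetical names constructed for illustration.

```python
import secrets


class SessionStore:
    """Minimal server-side session table (constructed for illustration)."""

    def __init__(self):
        self._sessions = {}

    def create(self):
        # Identifier handed out before authentication (anonymous session).
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")

    def login_keep_id(self, sid, user):
        # Flawed pattern: the pre-authentication identifier is reused,
        # so whoever knew it before login holds an authenticated session.
        self._sessions[sid]["user"] = user
        return sid

    def login_renew_id(self, sid, user):
        # Hardened pattern: invalidate the old identifier and bind the
        # authenticated state to a freshly generated one.
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}
        return new_sid


def pre_auth_id_gains_identity(login):
    """Regression check: True if an identifier issued before login
    resolves to the authenticated user afterwards (fixation possible)."""
    store = SessionStore()
    pre_auth = store.create()
    login(store, pre_auth, "alice")  # constructed sample user
    return store.user_for(pre_auth) == "alice"


if __name__ == "__main__":
    print("keep id :", pre_auth_id_gains_identity(SessionStore.login_keep_id))
    print("renew id:", pre_auth_id_gains_identity(SessionStore.login_renew_id))
```

The same check can be run against a real login flow in a test suite by comparing the session cookie value before and after authentication.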
Affected Version(s)
BigFix Platform 9.5.9
BigFix Platform 9.2.0
BigFix Platform 9.2.14
CVSS V3.1
Score: 3.1
Severity: LOW
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved