Session Fixation Vulnerability in IBM WebSphere Portal Products
CVE-2018-1672

5MEDIUM

Key Information:

Vendor

IBM
Status
Websphere Portal
Vendor
CVE Published:
1 October 2018

What is CVE-2018-1672?

IBM WebSphere Portal versions 7.0, 8.0, 8.5, and 9.0 are susceptible to session fixation issues where the system may not properly establish the correct user context during certain impersonation processes. This flaw could potentially allow an unauthorized user to act under the identity of a legitimate user, leading to unauthorized access or manipulation of sensitive data. Security measures should be ensured to prevent exploitation of this vulnerability.

Affected Version(s)

WebSphere Portal 7.0

WebSphere Portal 8.0

WebSphere Portal 8.5

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/144958
vdb-entryx_refsource_XF
http://www.securitytracker.com/id/1041766
vdb-entryx_refsource_SECTRACK
https://www.ibm.com/support/docview.wss?uid=ibm10716981
x_refsource_CONFIRM

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.