Session Fixation Vulnerability in IBM Spectrum Control by IBM
CVE-2019-4072

4.7MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
9 May 2019

Summary

IBM Spectrum Control Standard Edition (versions 5.2.1 to 5.2.17) contains a session fixation vulnerability that allows logged-out users to remain idle and retain access to the application. By using the back button, users can stay logged in for a brief period, potentially exposing sensitive information. This behavior can lead to unauthorized access and data disclosure opportunities for malicious actors who take advantage of the session persistence.

Affected Version(s)

Spectrum Control Standard Edition 5.2.1

Spectrum Control Standard Edition 5.2.8

Spectrum Control Standard Edition 5.2.11

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.