Session Fixation Vulnerability in IBM Spectrum Control by IBM
CVE-2019-4072

4.7MEDIUM

Key Information:

Vendor: IBM
Status: Spectrum Control Standard Edition
Vendor: CVE Published:; 9 May 2019

Summary

IBM Spectrum Control Standard Edition (versions 5.2.1 to 5.2.17) contains a session fixation vulnerability that allows logged-out users to remain idle and retain access to the application. By using the back button, users can stay logged in for a brief period, potentially exposing sensitive information. This behavior can lead to unauthorized access and data disclosure opportunities for malicious actors who take advantage of the session persistence.

Affected Version(s)

Spectrum Control Standard Edition 5.2.1

Spectrum Control Standard Edition 5.2.8

Spectrum Control Standard Edition 5.2.11

References

http://www.ibm.com/support/docview.wss?uid=ibm10873036

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/157064

vdb-entryx_refsource_XF

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2019
Vulnerability Reserved
Jan 3, 2019