Session Fixation Vulnerability in IBM Spectrum Control by IBM
CVE-2019-4072
4.7MEDIUM
Summary
IBM Spectrum Control Standard Edition (versions 5.2.1 to 5.2.17) contains a session fixation vulnerability that allows logged-out users to remain idle and retain access to the application. By using the back button, users can stay logged in for a brief period, potentially exposing sensitive information. This behavior can lead to unauthorized access and data disclosure opportunities for malicious actors who take advantage of the session persistence.
Affected Version(s)
Spectrum Control Standard Edition 5.2.1
Spectrum Control Standard Edition 5.2.8
Spectrum Control Standard Edition 5.2.11
References
CVSS V3.1
Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved