Session Fixation Vulnerability in IBM Security Access Manager
CVE-2019-4152
5.1MEDIUM
Summary
IBM Security Access Manager versions 9.0.1 to 9.0.6 suffer from a session fixation vulnerability caused by not invalidating session tokens promptly. This flaw can potentially allow an attacker with local access to exploit a closed browser session, gaining unauthorized access. It emphasizes the need for stringent session management practices to ensure session tokens are efficiently invalidated upon user logout or session expiration.
Affected Version(s)
Security Access Manager 9.0.1
Security Access Manager 9.0.3
Security Access Manager 9.0.4
References
CVSS V3.1
Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved