Session Fixation Vulnerability in IBM Cloud Automation Manager
CVE-2019-4617
5.9 MEDIUM
Summary
IBM Cloud Automation Manager 3.2.1.0 does not renew session variables after a user successfully authenticates. Because the session identifier established before login is carried over into the authenticated session, an attacker who already knows that identifier (for example, one they set or observed beforehand) could use the same cookie to impersonate the legitimate user after login, gaining unauthorized access to that user's information and functionality. Regenerating the session identifier at the moment of authentication, and invalidating the pre-authentication one, is the expected way to close this class of session fixation flaw.
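To make the flaw concrete, the following is an added illustration (not code from IBM or from this advisory) of the two session-handling patterns side by side: a login that keeps the pre-authentication session identifier, and a hardened login that rotates it on success. The in-memory session store, the sample user, and the function names are all assumptions constructed for the demo.

```python
import secrets

# Constructed in-memory session store for the demo: session_id -> session data.
class SessionStore:
    def __init__(self):
        self._sessions = {}

    def create(self):
        """Issue a fresh, unauthenticated session (what a visitor gets before login)."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"authenticated": False, "user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def rotate(self, old_sid):
        """Move the session data under a new identifier and invalidate the old one."""
        data = self._sessions.pop(old_sid)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid


# Constructed sample credential; a real application would store a password hash.
USERS = {"alice": "correct horse battery staple"}


def _credentials_ok(username, password):
    expected = USERS.get(username)
    return expected is not None and secrets.compare_digest(expected, password)


def login_without_rotation(store, sid, username, password):
    """Vulnerable pattern (the behaviour the advisory describes): authentication succeeds
    but the session keeps the identifier it had before login."""
    if not _credentials_ok(username, password):
        return None
    store.get(sid).update({"authenticated": True, "user": username})
    return sid


def login_with_rotation(store, sid, username, password):
    """Hardened pattern: on success, issue a new identifier and drop the old one,
    so an identifier established before authentication never becomes authenticated."""
    if not _credentials_ok(username, password):
        return None
    new_sid = store.rotate(sid)
    store.get(new_sid).update({"authenticated": True, "user": username})
    return new_sid


def pre_login_id_becomes_authenticated(login):
    """Check used to test a login handler: does the identifier that existed before
    login resolve to an authenticated session afterwards? True means fixation is possible."""
    store = SessionStore()
    pre_login_sid = store.create()
    login(store, pre_login_sid, "alice", "correct horse battery staple")
    session = store.get(pre_login_sid)
    return session is not None and session["authenticated"]


if __name__ == "__main__":
    print("without rotation:", pre_login_id_becomes_authenticated(login_without_rotation))
    print("with rotation:   ", pre_login_id_becomes_authenticated(login_with_rotation))
```

The `pre_login_id_becomes_authenticated` check is the kind of assertion worth keeping in an application's test suite: it fails the moment someone reintroduces a login path that forgets to rotate the session. Note that rotation must also invalidate the old identifier server-side; simply issuing a second cookie while the first keeps working leaves the same window open.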
Affected Version(s)
Cloud Automation Manager 3.2.1.0
References
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved