Session Fixation Vulnerability in IBM Cloud Automation Manager
CVE-2019-4617
5.9 MEDIUM
What is CVE-2019-4617?
IBM Cloud Automation Manager 3.2.1.0 fails to renew session variables after successful authentication. This flaw can potentially lead to session fixation or hijacking: an attacker can use a cookie that may already be known to them to impersonate a legitimate user and gain unauthorized access to sensitive information and functionality. Properly managing session lifecycles is crucial to maintaining the integrity of user sessions and safeguarding user data.
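The following is an added example, not IBM's code and not part of the original advisory. It contrasts a login handler that keeps the pre-authentication session identifier with one that renews it, and includes a check that can serve as a regression test. `SessionStore`, its method names and the sample user are hypothetical.

```python
import secrets


class SessionStore:
    """Minimal in-memory server-side session store (illustrative only)."""

    def __init__(self):
        self._sessions = {}  # session id -> dict of session variables

    def create(self):
        """Issue an unauthenticated session, as happens on a first visit."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def login_without_renewal(self, sid, user):
        """Flawed pattern: the pre-authentication id is kept and promoted."""
        self._sessions[sid]["user"] = user
        return sid

    def login_with_renewal(self, sid, user):
        """Hardened pattern: invalidate the old id, issue a fresh one."""
        self._sessions.pop(sid, None)             # old id is dead from here on
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}  # fresh state, nothing carried over
        return new_sid


def pre_login_id_is_authenticated(login_method_name):
    """True if an id issued before login maps to an authenticated session after it."""
    store = SessionStore()
    pre_auth_sid = store.create()                 # id handed out before authentication
    login = getattr(store, login_method_name)
    post_auth_sid = login(pre_auth_sid, "alice")  # constructed sample user
    assert store.get(post_auth_sid)["user"] == "alice"
    old = store.get(pre_auth_sid)
    return old is not None and old["user"] is not None


if __name__ == "__main__":
    for name in ("login_without_renewal", "login_with_renewal"):
        print(name, "-> pre-login id still authenticated:",
              pre_login_id_is_authenticated(name))
```

The same property can be checked against a deployed application by comparing the session cookie value before and after authentication: the value should change, and the earlier value should no longer be accepted.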
Affected Version(s)
Cloud Automation Manager 3.2.1.0