IBM Cognos Controller Session Invalidation Vulnerability
CVE-2023-40695
6.3MEDIUM
Summary
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.
Affected Version(s)
Cognos Controller = 10.4.1, 10.4.2, 11.0.0
CVSS V3.1
Score:
6.3
Severity:
MEDIUM
Confidentiality:
LOW
Integrity:
LOW
Availability:
LOW
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Timeline
Risk change from: null to: 6.3 - (MEDIUM)
Vulnerability published.
Collectors
NVD DatabaseMitre Database