Lucene search
HistorySep 08, 2013 - 4:55 p.m.
CVE-2013-2997
ibm
security
appscan
enterprise
before 8.7
session hijack
vulnerability
nvd
1.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
44.4%
IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.
Affected configurations
Node
ibmsecurity_appscanRange≤8.6.0.2-enterprise
ORibmsecurity_appscanMatch5.6.0.0-enterprise
ORibmsecurity_appscanMatch6.0.0.0-enterprise
ORibmsecurity_appscanMatch6.0.1.0-enterprise
ORibmsecurity_appscanMatch6.0.2.0-enterprise
ORibmsecurity_appscanMatch6.1.1.0-enterprise
ORibmsecurity_appscanMatch8.0.0.0-enterprise
ORibmsecurity_appscanMatch8.0.0.1-enterprise
ORibmsecurity_appscanMatch8.0.0.2-enterprise
ORibmsecurity_appscanMatch8.0.1.0-enterprise
ORibmsecurity_appscanMatch8.0.1.1-enterprise
ORibmsecurity_appscanMatch8.0.11-enterprise
ORibmsecurity_appscanMatch8.5.0.0-enterprise
ORibmsecurity_appscanMatch8.5.0.1-enterprise
ORibmsecurity_appscanMatch8.6.0.0-enterprise
ORibmsecurity_appscanMatch8.6.0.1-enterprise
Related
cvelist
cvelist
CVE-2013-2997
2013-09-08 16:00:00
prion
prion
Design/Logic Flaw
2013-09-08 16:55:00
nvd
nvd
CVE-2013-2997
2013-09-08 16:55:06
seebug
seebug
IBM Security AppScan Enterprise 弱密码安全绕过漏洞(CVE-2013-0531)
2013-09-13 00:00:00
1.7 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:S/C:P/I:N/A:N
6.6 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
44.4%
Related for CVE-2013-2997