Lucene search

IbmCVELIST:CVE-2018-1962

HistoryFeb 04, 2019 - 9:00 p.m.

CVE-2018-1962

2019-02-0421:00:00

ibm

www.cve.org

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

AI Score

3.3

Confidence

High

EPSS

Percentile

5.1%

JSON

IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.

CNA Affected

[
  {
    "product": "Security Identity Manager",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.1"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=ibm10796380

www.securityfocus.com/bid/106854

exchange.xforce.ibmcloud.com/vulnerabilities/153658

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

AI Score

3.3

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2018-1962