Lucene search
IBM689DFCE1E4E2C477C2854F2A76ED3C1596B412A2B9DAF16C1F48EC0D3692D173HistoryOct 26, 2021 - 9:46 a.m.
Security Bulletin: Insufficient session expiration in IBM i2 iBase
2021-10-2609:46:31
www.ibm.com
7
0.0004 Low
EPSS
Percentile
5.1%
Summary
IBM i2 iBase provides insufficient login sessioon timeouts
Vulnerability Details
CVEID:CVE-2021-29868
**DESCRIPTION:**IBM i2 iBase could allow a local attacker to obtain sensitive information due to insufficient session expiration.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/206213 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM i2 iBase | All |
| IBM i2 iBase | 9.0.0 |
| IBM i2 iBase | 8.9.13 |
Remediation/Fixes
Please access your IBM product download portal and install the 9.0.5 release which remediates this issue
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm i2 ibase | eq | any | |
| ibm i2 ibase | eq | 9.0.0 | |
| ibm i2 ibase | eq | 8.9.13 |
Related
nvd
nvd
CVE-2021-29868
2021-10-27 16:15:07
cnvd
cnvd
IBM i2 iBase Information Disclosure Vulnerability (CNVD-2021-94902)
2021-10-29 00:00:00
cve
cve
CVE-2021-29868
2021-10-27 16:15:07
prion
prion
Session fixation
2021-10-27 16:15:00
cvelist
cvelist
CVE-2021-29868
2021-10-26 00:00:00
0.0004 Low
EPSS
Percentile
5.1%
Related for 689DFCE1E4E2C477C2854F2A76ED3C1596B412A2B9DAF16C1F48EC0D3692D173