Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMCD7EB9A86921F71E04B5E7362B50025EE85B1471F706C90C8C45872D9064DF0C
HistoryMar 13, 2020 - 7:26 p.m.

Security Bulletin: IBM Cloud Automation Manager Session Fixation Vulnerability (CVE-2019-4617)

2020-03-1319:26:05
www.ibm.com
7

0.0004 Low

EPSS

Percentile

12.7%

JSON

Summary

IBM Cloud Automation Manager Session Fixation Vulnerability

Vulnerability Details

CVEID:CVE-2019-4617
**DESCRIPTION:**IBM Cloud Automation Manager does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168645 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Automation Manager 3.2.1.0

Remediation/Fixes

Upgrade to IBM Cloud Automation Manager 3.2.1.1 or newer.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud automation managereq3.2.1.0

Related

prion 1
cvelist 1
cve 1
nvd 1
prion
prion
Session fixation
2020-03-16 16:15:00
cvelist
cvelist
CVE-2019-4617
2020-03-13 00:00:00
cve
cve
CVE-2019-4617
2020-03-16 16:15:12
nvd
nvd
CVE-2019-4617
2020-03-16 16:15:12

0.0004 Low

EPSS

Percentile

12.7%

JSON
Related for CD7EB9A86921F71E04B5E7362B50025EE85B1471F706C90C8C45872D9064DF0C
prion1cvelist1cve1nvd1