Lucene search
HistoryFeb 02, 2024 - 1:15 a.m.
CVE-2023-50936
ibm powersc
session validation
authenticated user
user impersonation
system security
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
High
EPSS
0.001
Percentile
18.9%
IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116.
Affected configurations
Node
ibmpowerscMatch1.3
ORibmpowerscMatch2.0
ORibmpowerscMatch2.1
Related
cnvd
cnvd
IBM PowerSC Session Fixation Vulnerability (CNVD-2024-09948)
2024-02-22 00:00:00
prion
prion
Code injection
2024-02-02 01:15:00
vulnrichment
vulnrichment
CVE-2023-50936 IBM PowerSC session fixation
2024-02-02 01:03:34
cvelist
cvelist
CVE-2023-50936 IBM PowerSC session fixation
2024-02-02 01:03:34
cve
cve
CVE-2023-50936
2024-02-02 01:15:08
ibm
ibm
Security Bulletin: Multiple vulnerabilities affect PowerSC and PowerSC MFA
2024-02-05 20:23:16
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
High
EPSS
0.001
Percentile
18.9%
Related for NVD:CVE-2023-50936