CVE-2023-40695 IBM Cognos Controller session fixation

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938...

CVE-2023-40695

Summary: CVE-2023-40695 affects IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0, where the product does not invalidate the user session after logout, enabling an authenticated user to impersonate another user. The issue is tied to session handling in IBM Cognos Controller and is documented with ...