Security Bulletin: IBM Maximo Asset Management could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier (CVE-2016-9977)

Summary IBM Maximo Asset Management could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. Vulnerability Details CVEID: CVE-2016-9977...

CVE-2016-9977

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253...

CVE-2016-9977

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 120253...

CVE-2016-9977

CVE-2016-9977 affects IBM Maximo Asset Management core products 7.1, 7.5, and 7.6 (and related Industry Solutions and IBM Control Desk on top) with a vulnerability that allows remote session hijacking due to failure to invalidate an existing session identifier. Affected products include Maximo As...