2 matches found
Security Bulletin: Session Identifier Not Updated vulnerability affects IBM Security Guardium (CVE-2017-1270 )
Summary IBM Security Guardium does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. IBM Security Guardium has fixed this vulnerability. Vulnerability Details CVEID: CVE-2017-1270 DESCRIPTION: IBM Security Guardium does no...
CVE-2017-1270
Summary: IBM Security Guardium 10.0 has a fixable session-management issue: it does not renew the session variable after authentication, enabling potential session fixation/hijacking. Affected versions: Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3. Root cause: failure to renew the session value po...