exploitDog

GHSA-52gh-q32v-jm2r

Опубликовано: 22 нояб. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527.

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527.

Ссылки

EPSS

Процентиль: 19%

0.00059

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-613

Связанные уязвимости

CVE-2022-40228

CVSS3: 3.7

nvd

около 3 лет назад

IBM DataPower Gateway 10.0.3.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.9, 2018.4.1.0 through 2018.4.1.22, and 10.5.0.0 through 10.5.0.2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235527.

EPSS

Процентиль: 19%

0.00059

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-613