exploitDog

GHSA-66qr-qx58-vxmr

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.5

Описание

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776.

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776.

Ссылки

EPSS

Процентиль: 36%

0.00149

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-384

Связанные уязвимости

CVE-2018-1375

CVSS3: 5.9

nvd

больше 7 лет назад

IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 137776.

EPSS

Процентиль: 36%

0.00149

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-384