Description
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch.
References
Vulnerable configurations
Configuration 1: versions up to and including 6.1.3
One of
cpe:2.3:a:ibm:lotus_mobile_connect:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_mobile_connect:6.1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:lotus_mobile_connect:6.1.2:*:*:*:*:*:*:*
EPSS
Percentile: 17%
0.00053
Low
4.4 Medium
CVSS2
Weaknesses
CWE-287
Related vulnerabilities
github
more than 3 years ago
The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch.