Описание
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:jazz_reporting_service:6.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:jazz_reporting_service:6.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.0036
Низкий
5 Medium
CVSS3
6 Medium
CVSS2
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 5
github
больше 3 лет назад
Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.
EPSS
Процентиль: 58%
0.0036
Низкий
5 Medium
CVSS3
6 Medium
CVSS2
Дефекты
CWE-284