CVE-2016-6040

Опубликовано: 01 фев. 2017

Источник: nvd

CVSS3: 5

CVSS2: 6

EPSS Низкий

Описание

IBM Jazz Foundation could allow an authenticated user to take over a previously logged in user due to session expiration not being enforced.

Ссылки

http://www.securityfocus.com/bid/95115
Third Party Advisory
VDB Entry
https://www.ibm.com/support/docview.wss?uid=swg21996097
Patch
Vendor Advisory
http://www.securityfocus.com/bid/95115
Third Party Advisory
VDB Entry
https://www.ibm.com/support/docview.wss?uid=swg21996097
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00193

Низкий

5 Medium

CVSS3

6 Medium

CVSS2

Дефекты

CWE-384

Связанные уязвимости

GHSA-gwpf-pfph-7ff7