Описание
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:financial_transaction_manager:3.0.1.0:*:*:*:*:ach_services:*:*
cpe:2.3:a:ibm:financial_transaction_manager:3.0.1.0:*:*:*:*:check_services:*:*
cpe:2.3:a:ibm:financial_transaction_manager:3.0.2.0:*:*:*:*:ach_services:*:*
cpe:2.3:a:ibm:financial_transaction_manager:3.0.2.0:*:*:*:*:check_services:*:*
EPSS
Процентиль: 33%
0.00134
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-384
Связанные уязвимости
CVSS3: 4.3
github
больше 3 лет назад
IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force ID: 122293.
EPSS
Процентиль: 33%
0.00134
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-384