Description
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.
References
- VDB Entry, Vendor Advisory
- Patch, Vendor Advisory
- VDB Entry, Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 9.0.1 (inclusive) to 9.0.6 (inclusive)
cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*
EPSS
Percentile: 12%
0.00042
Low
CVSS3: 5.1 Medium
CVSS3: 4.4 Medium
CVSS2: 3.6 Low
Weaknesses
CWE-384
Related vulnerabilities
CVSS3: 4.4
github
about 3 years ago
IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.