Описание
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:cognos_controller:10.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_controller:10.4.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:cognos_controller:11.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 11%
0.00036
Низкий
6.3 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-613
Связанные уязвимости
CVSS3: 6.3
github
почти 2 года назад
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.
EPSS
Процентиль: 11%
0.00036
Низкий
6.3 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-613