CVE-2023-50941

Опубликовано: 02 фев. 2024

Источник: nvd

CVSS3: 6.3

CVSS3: 5.4

EPSS Низкий

Описание

IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/275131
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7113759
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/275131
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/7113759
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:powersc:1.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:powersc:2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:powersc:2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.0003

Низкий

6.3 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-384

Связанные уязвимости

GHSA-wxhv-5vpx-mrm3

CVSS3: 6.3

github

около 2 лет назад

IBM PowerSC 1.3, 2.0, and 2.1 does not provide logout functionality, which could allow an authenticated user to gain access to an unauthorized user using session fixation. IBM X-Force ID: 275131.

EPSS

Процентиль: 8%

0.0003

Низкий

6.3 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-384