Vulnerability Details : CVE-2008-4294
IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun.
Products affected by CVE-2008-4294
- cpe:2.3:a:ibm:tivoli_netcool_webtop:2.1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-4294
0.08%: probability of exploitation activity in the next 30 days
~20%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-4294
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
CWE ids for CVE-2008-4294
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4294
- http://www-01.ibm.com/support/docview.wss?uid=swg24018932 (Patch)
- http://secunia.com/advisories/32036 (Vendor Advisory)
- http://www.vupen.com/english/advisories/2008/2690
- http://www-1.ibm.com/support/docview.wss?uid=swg1IZ21888
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45419
- http://www.securityfocus.com/bid/31414