CVE-2013-2997 : IBM Security AppScan Enterprise before 8.7 does not invalidate the session conte

IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.

Published 2013-09-08 16:55:07

Updated 2025-04-11 00:51:22

Source IBM Corporation

View at NVD, CVE.org

Products affected by CVE-2013-2997

IBM » Security Appscan » Enterprise Edition
Versions up to, including, (<=) 8.6.0.2
cpe:2.3:a:ibm:security_appscan:*:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 8.0.0.0 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:8.0.0.0:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 6.1.1.0 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:6.1.1.0:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 6.0.2.0 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:6.0.2.0:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 6.0.1.0 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:6.0.1.0:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 8.5.0.0 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:8.5.0.0:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 8.0.0.1 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:8.0.0.1:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 8.6.0.0 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:8.6.0.0:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 8.5.0.1 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:8.5.0.1:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 6.0.0.0 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:6.0.0.0:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 8.0.1.0 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:8.0.1.0:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 8.0.1.1 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:8.0.1.1:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 8.0.0.2 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:8.0.0.2:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 8.6.0.1 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:8.6.0.1:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 5.6.0.0 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:5.6.0.0:-:enterprise:*:*:*:*:*
Matching versions
IBM » Security Appscan » Version: 8.0.11 Enterprise Edition
cpe:2.3:a:ibm:security_appscan:8.0.11:-:enterprise:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2013-2997

EPSS FAQ

0.08%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-2997

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
1.7	LOW	AV:L/AC:L/Au:S/C:P/I:N/A:N	3.1	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2013-2997

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-2997

http://www-01.ibm.com/support/docview.wss?uid=swg21640352

IBM Security Bulletin: Multiple vulnerabilities in AppScan Enterprise (CVE-2013-0531, CVE-2013-0440, CVE-2013-2997)
Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/84066

IBM Security AppScan Enterprise CVE-2013-2997 spoofing CVE-2013-2997 Vulnerability Report

Jump to

Vulnerability Details : CVE-2013-2997

Products affected by CVE-2013-2997

Exploit prediction scoring system (EPSS) score for CVE-2013-2997

CVSS scores for CVE-2013-2997

CWE ids for CVE-2013-2997

References for CVE-2013-2997