Vulnerability Details : CVE-2016-9703
IBM Security Identity Manager Virtual Appliance does not invalidate session tokens, which could allow an unauthorized user with physical access to the workstation to obtain sensitive information.
Products affected by CVE-2016-9703
- cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:security_identity_manager_virtual_appliance:7.0.1.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9703
- 0.09%: Probability of exploitation activity in the next 30 days
- ~38%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9703
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
2.4 | LOW | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 0.9 | 1.4 | NIST | |
CWE ids for CVE-2016-9703
- Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9703
- http://www.ibm.com/support/docview.wss?uid=swg21996761
  IBM Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/95327
  IBM Security Identity Manager Virtual Appliance Local Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)
- http://www.securitytracker.com/id/1037765
  IBM Security Identity Manager Flaws Let Remote Users Conduct Cross-Site Scripting Attacks and Local Users View Passwords and Obtain Potentially Sensitive Information - SecurityTracker