Vulnerability Details : CVE-2018-1962
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to log in to a closed browser session. IBM X-Force ID: 153658.
Products affected by CVE-2018-1962
- IBM » Security Identity Manager
  Versions from, including, (>=) 7.0.1 and up to, including, (<=) 7.0.1.10
  cpe:2.3:a:ibm:security_identity_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1962
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-1962
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
3.3 | LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 | NIST | |
4.0 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.5 | 1.4 | IBM Corporation | |
CWE ids for CVE-2018-1962
- Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1962
- http://www.ibm.com/support/docview.wss?uid=ibm10796380
  IBM Security Bulletin: IBM Security Identity Manager is affected by multiple vulnerabilities (CVE-2018-1959, CVE-2018-1962, CVE-2018-1970)
  Patch; Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/153658
  IBM Security Identity Manager information disclosure CVE-2018-1962 Vulnerability Report
  VDB Entry; Vendor Advisory
- http://www.securityfocus.com/bid/106854
  IBM Security Identity Manager Virtual Appliance CVE-2018-1962 Security Bypass Vulnerability
  Third Party Advisory