1. Home
  2. CVE Database
  3. CVE-2016-0339
MEDIUM · 5.6

CVE-2016-0339

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to sp...

Vulnerability Description

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."

CVSS Score

5.6

MEDIUM

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
IbmSecurity Identity Manager Adapter7.0.0.0

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2016-0339?

CVE-2016-0339 is a vulnerability with a CVSS score of 5.6 (MEDIUM). IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to sp...

How severe is CVE-2016-0339?

CVE-2016-0339 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-0339?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Identity Manager Adapter.