1. Home
  2. CVE Database
  3. CVE-2016-0340
HIGH · 7.4

CVE-2016-0340

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging...

Vulnerability Description

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation.

CVSS Score

7.4

HIGH

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
IbmSecurity Identity Manager Adapter7.0.0.0

Related Weaknesses (CWE)

CWE-284

References

FAQ

What is CVE-2016-0340?

CVE-2016-0340 is a vulnerability with a CVSS score of 7.4 (HIGH). IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging...

How severe is CVE-2016-0340?

CVE-2016-0340 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-0340?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Identity Manager Adapter.