CVE-2016-9703 — LOW (2.4) — White Hats Nepal

Vulnerability Description

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.

CVSS Score

2.4

LOW

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Ibm	Security Identity Manager Virtual Appliance	7.0.0.0

Related Weaknesses (CWE)

CWE-384

References

http://www.ibm.com/support/docview.wss?uid=swg21996761PatchVendor Advisory
http://www.securityfocus.com/bid/95327Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037765
http://www.ibm.com/support/docview.wss?uid=swg21996761PatchVendor Advisory
http://www.securityfocus.com/bid/95327Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1037765

FAQ

What is CVE-2016-9703?

CVE-2016-9703 is a vulnerability with a CVSS score of 2.4 (LOW). IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.

How severe is CVE-2016-9703?

CVE-2016-9703 has been rated LOW with a CVSS base score of 2.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-9703?

Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Identity Manager Virtual Appliance.