Vulnerability Description
IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Security Identity Manager | >= 7.0.1, <= 7.0.1.10 |
Related Weaknesses (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=ibm10796380PatchVendor Advisory
- http://www.securityfocus.com/bid/106854Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/153658VDB EntryVendor Advisory
- http://www.ibm.com/support/docview.wss?uid=ibm10796380PatchVendor Advisory
- http://www.securityfocus.com/bid/106854Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/153658VDB EntryVendor Advisory
FAQ
What is CVE-2018-1962?
CVE-2018-1962 is a vulnerability with a CVSS score of 4.0 (MEDIUM). IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access...
How severe is CVE-2018-1962?
CVE-2018-1962 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1962?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Security Identity Manager.