1.7

CVE-2013-2997

IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmSecurity Appscan Update- Editionenterprise Version <= 8.6.0.2
IbmSecurity Appscan Version5.6.0.0 Update- Editionenterprise
IbmSecurity Appscan Version6.0.0.0 Update- Editionenterprise
IbmSecurity Appscan Version6.0.1.0 Update- Editionenterprise
IbmSecurity Appscan Version6.0.2.0 Update- Editionenterprise
IbmSecurity Appscan Version6.1.1.0 Update- Editionenterprise
IbmSecurity Appscan Version8.0.0.0 Update- Editionenterprise
IbmSecurity Appscan Version8.0.0.1 Update- Editionenterprise
IbmSecurity Appscan Version8.0.0.2 Update- Editionenterprise
IbmSecurity Appscan Version8.0.1.0 Update- Editionenterprise
IbmSecurity Appscan Version8.0.1.1 Update- Editionenterprise
IbmSecurity Appscan Version8.0.11 Update- Editionenterprise
IbmSecurity Appscan Version8.5.0.0 Update- Editionenterprise
IbmSecurity Appscan Version8.5.0.1 Update- Editionenterprise
IbmSecurity Appscan Version8.6.0.0 Update- Editionenterprise
IbmSecurity Appscan Version8.6.0.1 Update- Editionenterprise
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.08% 0.208
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 1.7 3.1 2.9
AV:L/AC:L/Au:S/C:P/I:N/A:N