6.5
CVE-2021-20431
- EPSS 0.16%
- Published 26.07.2021 12:15:08
- Last modified 21.11.2024 05:46:35
- Source psirt@us.ibm.com
- Teams watchlist Login
- Open Login
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 does not invalidate session after logout which could allow an an attacker to obtain sensitive information from the system. IBM X-Force ID: 196342.
Data is provided by the National Vulnerability Database (NVD)
Ibm ≫ I2 Analysts Notebook Version9.2.0 SwEditionpremium
Ibm ≫ I2 Analysts Notebook Version9.2.1 SwEditionpremium
Ibm ≫ I2 Analysts Notebook Version9.2.2 SwEditionpremium
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.337 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| psirt@us.ibm.com | 4.3 | 2.8 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."