8.8
CVE-2023-38002
- EPSS 0.02%
- Veröffentlicht 30.04.2024 15:15:50
- Zuletzt bearbeitet 04.08.2025 17:47:19
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
LoginIBM Storage Scale session fixation
IBM Storage Scale 5.1.0.0 through 5.1.9.2 could allow an authenticated user to steal or manipulate an active session to gain access to the system. IBM X-Force ID: 260208.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Storage Scale Version >= 5.1.0.0 < 5.2.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.03 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| psirt@us.ibm.com | 5 | 1.6 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-384 Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.