6.3
CVE-2024-22351
- EPSS 0.15%
- Veröffentlicht 23.04.2025 22:15:49
- Zuletzt bearbeitet 08.07.2025 19:54:58
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM InfoSphere Information Server session fixation
IBM InfoSphere Information 11.7 Server does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Infosphere Information Server Version >= 11.7 < 11.7.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.352 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@us.ibm.com | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."