7.2
CVE-2024-25051
- EPSS 0.19%
- Veröffentlicht 02.04.2025 15:15:56
- Zuletzt bearbeitet 14.07.2025 18:34:13
- Quelle psirt@us.ibm.com
- CVE-Watchlists
- Unerledigt
IBM Jazz Reporting Service insufficient session expiration
IBM Jazz Reporting Service 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated privileged user to impersonate another user on the system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ibm ≫ Jazz Reporting Service Version7.0.2
Ibm ≫ Jazz Reporting Service Version7.0.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.403 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| psirt@us.ibm.com | 6.6 | 0.7 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-613 Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."