CVE-2023-40695
PUBLISHED | CVE record format 5.0 (dataVersion, not a CVSS score) | CWE-613
IBM Cognos Controller session fixation
ibm
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.
Problem type
CWE-613 Insufficient Session Expiration
Affected products
IBM
Cognos Controller
10.4.1, 10.4.2, 11.0.0 - AFFECTED
References
ibm.com
https://www.ibm.com/support/pages/node/7149876
#vendor-advisory
exchange.xforce.ibmcloud.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/264938
#vdb-entry
JSON source
{ "dataType": "CVE_RECORD", "containers": { "cna": { "title": "IBM Cognos Controller session fixation", "source": { "discovery": "UNKNOWN" }, "metrics": [ { "format": "CVSS", "cvssV3_1": { "scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW" }, "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "affected": [ { "vendor": "IBM", "product": "Cognos Controller", "versions": [ { "status": "affected", "version": "10.4.1, 10.4.2, 11.0.0" } ], "defaultStatus": "unaffected" } ], "references": [ { "url": "https://www.ibm.com/support/pages/node/7149876", "tags": [ "vendor-advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264938", "tags": [ "vdb-entry" ] } ], "x_generator": { "engine": "Vulnogram 0.1.0-dev" }, "descriptions": [ { "lang": "en", "value": "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.", "supportingMedia": [ { "type": "text/html", "value": "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. 
IBM X-Force ID: 264938.", "base64": false } ] } ], "problemTypes": [ { "descriptions": [ { "lang": "en", "type": "CWE", "cweId": "CWE-613", "description": "CWE-613 Insufficient Session Expiration" } ] } ], "providerMetadata": { "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2024-05-03T18:18:46.183Z" } } }, "cveMetadata": { "cveId": "CVE-2023-40695", "state": "PUBLISHED", "dateUpdated": "2024-05-03T18:18:46.183Z", "dateReserved": "2023-08-18T15:48:17.571Z", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "datePublished": "2024-05-03T18:18:46.183Z", "assignerShortName": "ibm" }, "dataVersion": "5.0" }