CVE-2023-40695

State: PUBLISHED · CVE record format: 5.0 · CWE-613

IBM Cognos Controller session fixation

ibm

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 do not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.

Problem type: CWE-613 Insufficient Session Expiration

Affected products

IBM

Cognos Controller

10.4.1, 10.4.2, 11.0.0 - AFFECTED

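References

- https://www.ibm.com/support/pages/node/7149876 (vendor-advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/264938 (vdb-entry)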

JSON source

{
  "dataType": "CVE_RECORD",
  "containers": {
    "cna": {
      "title": "IBM Cognos Controller session fixation",
      "source": {
        "discovery": "UNKNOWN"
      },
      "metrics": [
        {
          "format": "CVSS",
          "cvssV3_1": {
            "scope": "UNCHANGED",
            "version": "3.1",
            "baseScore": 6.3,
            "attackVector": "NETWORK",
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "integrityImpact": "LOW",
            "userInteraction": "NONE",
            "attackComplexity": "LOW",
            "availabilityImpact": "LOW",
            "privilegesRequired": "LOW",
            "confidentialityImpact": "LOW"
          },
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "IBM",
          "product": "Cognos Controller",
          "versions": [
            {
              "status": "affected",
              "version": "10.4.1, 10.4.2, 11.0.0"
            }
          ],
          "defaultStatus": "unaffected"
        }
      ],
      "references": [
        {
          "url": "https://www.ibm.com/support/pages/node/7149876",
          "tags": [
            "vendor-advisory"
          ]
        },
        {
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/264938",
          "tags": [
            "vdb-entry"
          ]
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.  IBM X-Force ID:  264938.",
          "supportingMedia": [
            {
              "type": "text/html",
              "value": "IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.  IBM X-Force ID:  264938.",
              "base64": false
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "type": "CWE",
              "cweId": "CWE-613",
              "description": "CWE-613 Insufficient Session Expiration"
            }
          ]
        }
      ],
      "providerMetadata": {
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm",
        "dateUpdated": "2024-05-03T18:18:46.183Z"
      }
    }
  },
  "cveMetadata": {
    "cveId": "CVE-2023-40695",
    "state": "PUBLISHED",
    "dateUpdated": "2024-05-03T18:18:46.183Z",
    "dateReserved": "2023-08-18T15:48:17.571Z",
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "datePublished": "2024-05-03T18:18:46.183Z",
    "assignerShortName": "ibm"
  },
  "dataVersion": "5.0"
}

Mitre source

https://cveawg.mitre.org/api/cve/CVE-2023-40695