Spoofing attack in IBM Security Identity Manager Virtual Appliance - CVE-2016-0339

 


Published: July 11, 2016 / Updated: November 22, 2018


Vulnerability identifier: #VU117
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-0339
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
IBM Security Identity Manager Virtual Appliance

Detailed vulnerability description

The vulnerability allows a remote attacker to conduct spoofing attacks.

The vulnerability exists in IBM Security Identity Manager Virtual Appliance. A remote attacker with the ability to monitor communications on the network can spoof another user because session identifiers are mishandled after the victim has logged out.

Successful exploitation of this vulnerability may result in disclosure of user information.

How to mitigate CVE-2016-0339

IBM has issued a fix (7.0.1-ISS-SIM-FP0003).
