Hijack attacks in IBM Security Identity Manager Virtual Appliance - CVE-2016-0340
Published: July 11, 2016
Vulnerability identifier: #VU118
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-0340
CWE-ID: CWE-287
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
IBM Security Identity Manager Virtual Appliance
Detailed vulnerability description
The vulnerability allows a local user to hijack the session of a previously logged-in user.
The vulnerability exists due to improperly enforced session expiration in IBM Security Identity Manager Virtual Appliance. A local user can take over the session of a previously logged-in user.
Successful exploitation of this vulnerability may result in disclosure of user information.
How to mitigate CVE-2016-0340
IBM has issued a fix (7.0.1-ISS-SIM-FP0003).