Improper access control in Jazz Reporting Service - CVE-2016-0315
Published: July 8, 2016 / Updated: August 9, 2020
Jazz Reporting Service
Detailed vulnerability description
The vulnerability allows a remote authenticated user to execute arbitrary code.
The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation.
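The flaw described above, session IDs that stay valid after logout, can be modelled and regression-tested as follows. This is an added example, not IBM's code: the `SessionStore` class, the `check_logout` function and the `SESSIONID` cookie name are hypothetical, and the store is a toy stand-in for a real server-side session table.

```python
import secrets

COOKIE = "SESSIONID"  # constructed cookie name, not taken from JRS


class SessionStore:
    """Toy server-side session table mapping session ID -> username."""

    def __init__(self, invalidate_on_logout):
        self.invalidate_on_logout = invalidate_on_logout
        self._sessions = {}

    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        return sid

    def logout(self, sid):
        # Both variants ask the browser to drop its cookie. Only the fixed
        # variant also destroys the server-side record, which is what
        # actually ends the session.
        if self.invalidate_on_logout:
            self._sessions.pop(sid, None)
        return f"Set-Cookie: {COOKIE}=; Max-Age=0; HttpOnly; Secure"

    def whoami(self, sid):
        return self._sessions.get(sid)


def check_logout(store):
    """Regression check: replay a pre-logout session ID after logout."""
    sid = store.login("alice")
    other = store.login("bob")
    if store.whoami(sid) != "alice":
        raise RuntimeError("login did not establish a session")
    store.logout(sid)
    return {
        # True means the old ID is still honoured: the flaw in the advisory.
        "replay_accepted": store.whoami(sid) is not None,
        # Logging out one user must not end another user's session.
        "other_session_intact": store.whoami(other) == "bob",
    }


if __name__ == "__main__":
    print("vulnerable:", check_logout(SessionStore(invalidate_on_logout=False)))
    print("fixed:     ", check_logout(SessionStore(invalidate_on_logout=True)))
```

The same replay check can be run against a deployed application after applying the ifix: capture the session ID before logout, log out, and confirm the server rejects a request that presents the old ID.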