#VU86161 Insufficient Session Expiration in Security Verify Privilege On-Premises
Vulnerability identifier: #VU86161
Vulnerability risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-613
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Security Verify Privilege On-Premises
Other software /
Other software solutions
Vendor: IBM Corporation
Description
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to insufficient session expiration issue. A remote user can obtain or guess session token and gain unauthorized access to session that belongs to another user.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Security Verify Privilege On-Premises : 11.5
External links
http://exchange.xforce.ibmcloud.com/vulnerabilities/199324
http://www.ibm.com/support/pages/node/7047202
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
