CVE-2013-2997

CWE-264 | 3 documents | 3 sources
Severity: 1.7 LOW
EPSS: 0.1% (top 76.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Sep 8
Latest update: May 17

Description

IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.

CVSS vector

AV:L/AC:L/C:P/I:N/A:N
Exploitability: 3.1 | Impact: 2.9

Affected Packages: 1 package

NVD: ibm/security_appscan 8.6.0.2 +15

Vulnerability Details (2)

GHSA: GHSA-226m-h7gc-7939: IBM Security AppScan Enterprise before 8 (2022-05-17)
CVEList: CVE-2013-2997: IBM Security AppScan Enterprise before 8 (2013-09-08)