CVE-2013-5426

CWE-287 — Improper Authentication3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.1%

top 69.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Infosphere Master Data Management Collaboration Server IBM Infosphere Master Data Management Server FOR Product Information Management

Timeline

PublishedDec 19

Latest updateMay 17

Description

Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors.

CVSS vector

AV:A/AC:M/C:P/I:P/A:PExploitability: 4.4 | Impact: 6.4

Affected Packages2 packages

▶NVDibm/infosphere_master_data_management_collaboration_server10.0, 10.1, 11.0+2

▶NVDibm/infosphere_master_data_management9.0, 9.1+1

🔴Vulnerability Details

GHSA

GHSA-j8j9-5cwh-936j: Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10↗2022-05-17

▶

CVEList

CVE-2013-5426: Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10↗2013-12-19

▶