CVE-2016-0318Improper Access Control in IBM Jazz Reporting Service

CWE-284Improper Access Control3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.4%
top 41.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Jazz Reporting Service
Timeline
PublishedNov 25
Latest updateMay 17

Description

Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 does not destroy a Session ID upon a logout action, which allows remote attackers to obtain access by leveraging an unattended workstation.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.4

Affected Packages1 packages

NVDibm/jazz_reporting_service6.0, 6.0.1+1

Patches

Patch: www-01.ibm.comPatch: www-01.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-4764-cw6v-4r4x: Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 62022-05-17
CVEList
CVE-2016-0318: Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 62016-11-25
CVE-2016-0318 — Improper Access Control in IBM | cvebase