CVE-2016-0339
Severity
5.6MEDIUM
EPSS
0.2%
top 54.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 15
Latest updateMay 17
Description
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4