CVE-2016-8924

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

5.6MEDIUM

EPSS

0.2%

top 56.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Maximo Asset Management IBM Maximo Asset Management

Timeline

PublishedApr 26

Latest updateMay 17

Description

IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.4

Affected Packages2 packages

▶NVDibm/maximo_asset_management7.1, 7.5, 7.6+2

▶CVEListV5ibm_corporation/maximo_asset_management7.1, 7.1.1, 7.5, 7.6

🔴Vulnerability Details

GHSA

GHSA-qc8f-5c3c-gppm: IBM Maximo Asset Management 7↗2022-05-17

▶

CVEList

CVE-2016-8924: IBM Maximo Asset Management 7↗2017-04-26

▶

OSV

libarchive vulnerabilities↗2016-07-14

▶

💬Community

Bugzilla

CVE-2015-8924 libarchive: Heap out of bounds read in TAR parser↗2016-06-21

▶