CVE-2016-8924
published 2017-04-26CVE-2016-8924: IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session…
medium5.6CVSS 3.0
AVNACHPRNUINSUCLILAL
IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | maximo_asset_management | — | — |
| ibm | maximo_asset_management | — | — |
| ibm | maximo_asset_management | — | — |
| ibm_corporation | maximo_asset_management | — | — |
| libarchive | libarchive | >= 0 < 3.1.2-7ubuntu2.3 | 3.1.2-7ubuntu2.3 |
| libarchive | libarchive | >= 0 < 3.1.2-11ubuntu0.16.04.2 | 3.1.2-11ubuntu0.16.04.2 |
CVSS provenance
nvdv3.05.6MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
osv6.5MEDIUM