CVE-2016-9703

CWE-3843 documents3 sources

Severity

2.4LOW

EPSS

0.1%

top 80.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation Identity Manager IBM Security Identity Manager Virtual Appliance

Timeline

PublishedFeb 1

Latest updateMay 17

Description

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/security_identity_manager_virtual_appliance9 versions+8

▶CVEListV5ibm_corporation/identity_manager6 versions+5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-p2w6-gcfr-rq8g: IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the↗2022-05-17

▶

CVEList

CVE-2016-9703: IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the↗2017-02-01

▶