CVE-2017-1270Session Fixation in IBM Security Guardium

CWE-384Session Fixation4 documents4 sources
Severity
3.3LOWNVD
EPSS
0.1%
top 83.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Guardium
Timeline
PublishedDec 20
Latest updateMay 14

Description

IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5ibm/security_guardium5 versions+4
NVDibm/security_guardium5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-c8r8-7c4g-6g99: IBM Security Guardium 102022-05-14
CVEList
CVE-2017-1270: IBM Security Guardium 102017-12-20

💥Exploits & PoCs

1
Exploit-DB
HP PageWide Printers / HP OfficeJet Pro Printers (OfficeJet Pro 8210) - Arbitrary Code Execution2017-06-14
CVE-2017-1270 — Session Fixation in IBM | cvebase