CVE-2018-1485

CWE-3843 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 70.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Bigfix Platform
Timeline
PublishedDec 12
Latest updateMay 13

Description

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 140970.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

NVDibm/bigfix_platform9.2.09.2.14+1
CVEListV5ibm/bigfix_platform4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-xxph-w5rg-hg9x: IBM BigFix Platform 92022-05-13
CVEList
CVE-2018-1485: IBM BigFix Platform 92018-12-12
CVE-2018-1485 (MEDIUM CVSS 4.3) | IBM BigFix Platform 9.2.0 through 9 | cvebase.io