CVE-2018-1492 — Session Fixation in IBM Rational Collaborative Lifecycle Management

CWE-384 — Session Fixation3 documents3 sources

Severity

6.8MEDIUMNVD

CNA4.3

EPSS

0.1%

top 84.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Rational Collaborative Lifecycle Management IBM Rational Doors Next Generation IBM Rational Engineering Lifecycle Manager +4 more

Timeline

PublishedJul 10

Latest updateMay 13

Description

IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly log out from the previous session. IBM X-Force ID: 140977.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages14 packages

▶NVDibm/rational_team_concert5.0 — 5.0.2+1

▶NVDibm/rational_quality_manager5.0 — 5.0.2+1

▶NVDibm/rational_doors_next_generation5.0 — 5.0.2+1

▶NVDibm/rational_rhapsody_design_manager5.0 — 5.0.2+1

▶NVDibm/rational_engineering_lifecycle_manager5.0 — 5.0.2+1

🔴Vulnerability Details

GHSA

GHSA-j334-wp82-9v7f: IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly l↗2022-05-13

▶

CVEList

CVE-2018-1492: IBM Jazz Foundation products could allow a user with physical access to the system to log in as another user due to the server's failure to properly l↗2018-07-10

▶