CVE-2019-4072

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

6.3MEDIUM

EPSS

0.2%

top 63.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Spectrum Control IBM Tivoli Storage Productivity Center IBM Spectrum Control Standard Edition

Timeline

PublishedMay 9

Latest updateMay 24

Description

IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) allows users to remain idle within the application even when a user has logged out. Utilizing the application back button users can remain logged in as the current user for a short period of time, therefore users are presented with information for Spectrum Control Application. IBM X-Force ID: 157064.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages3 packages

▶CVEListV5ibm/spectrum_control_standard_edition12 versions+11

▶NVDibm/spectrum_control5.2.8 — 5.2.17.2+1

▶NVDibm/tivoli_storage_productivity_center5.2.0 — 5.2.7.1

🔴Vulnerability Details

GHSA

GHSA-ffv4-58cg-f6v5: IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5↗2022-05-24

▶

CVEList

CVE-2019-4072: IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5↗2019-05-09

▶