CVE-2019-4152

CWE-3843 documents3 sources
Severity
4.4MEDIUM
EPSS
0.0%
top 87.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Security Access Manager
Timeline
PublishedJun 25
Latest updateMay 24

Description

IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

NVDibm/security_access_manager9.0.19.0.6
CVEListV5ibm/security_access_manager6 versions+5

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-28q4-frm2-r7ff: IBM Security Access Manager 92022-05-24
CVEList
CVE-2019-4152: IBM Security Access Manager 92019-06-25
CVE-2019-4152 (MEDIUM CVSS 4.4) | IBM Security Access Manager 9.0.1 t | cvebase.io