CVE-2019-4304 — Session Fixation in IBM Websphere Application Server

CWE-384 — Session Fixation3 documents3 sources

Severity

6.3MEDIUMNVD

EPSS

0.1%

top 75.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Websphere Application Server

Timeline

PublishedSep 30

Latest updateMay 24

Description

IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation. IBM X-Force ID: 160950.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages2 packages

▶NVDibm/websphere_application_server< 19.0.0.10

▶CVEListV5ibm/websphere_application_serverLiberty

🔴Vulnerability Details

GHSA

GHSA-455v-6vfw-6xvm: IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation↗2022-05-24

▶

CVEList

CVE-2019-4304: IBM WebSphere Application Server - Liberty could allow a remote attacker to bypass security restrictions caused by improper session validation↗2019-09-30

▶