CVE-2024-25051: Insufficient Session Expiration in IBM Jazz Reporting Service

Severity
7.2 HIGH (NVD)
6.6 (CNA)
EPSS
0.2%
top 62.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 2

Description

IBM Jazz Reporting Service 7.0.2 and 7.0.3 do not invalidate the session after logout, which could allow an authenticated privileged user to impersonate another user on the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: ibm/jazz_reporting_service 7.0.2, 7.0.3 (+1)
NVD: ibm/jazz_reporting_service 7.0.2, 7.0.3 (+1)

Vulnerability Details (2)

CVEList: IBM Jazz Reporting Service insufficient session expiration (2025-04-02)
GHSA: GHSA-83mw-hrr9-5qq8: IBM Jazz Reporting Service 7 (2025-04-02)