CVE-2016-0315

HIGH

IBM Jazz Reporting Service <6.0.1 - Privilege Escalation

Title source: llm
STIX 2.1

Description

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21983147

Scores

CVSS v3 8.8
EPSS 0.0103
EPSS Percentile 59.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-284
Status published
Products (5)
ibm/jazz_reporting_service 5.0
ibm/jazz_reporting_service 5.0.1
ibm/jazz_reporting_service 5.0.2
ibm/jazz_reporting_service 6.0
ibm/jazz_reporting_service 6.0.1
Published Jul 08, 2016
Tracked Since Feb 18, 2026