CVE-2016-0339

MEDIUM

IBM Security Identity Manager (ISIM) Virtual Appliance <7.0.1.1 - I...

Description

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."

Scores

CVSS v3: 5.6
EPSS: 0.0023
EPSS Percentile: 45.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE: CWE-284
Status: draft

Affected Products (6)

ibm/security_identity_manager_adapter
ibm/security_identity_manager_adapter
ibm/security_identity_manager_adapter
ibm/security_identity_manager_adapter
ibm/security_identity_manager_adapter
ibm/security_identity_manager_adapter

Timeline

Published: Jul 15, 2016
Tracked Since: Feb 18, 2026