CVE-2016-8924

MEDIUM

IBM Maximo Asset Management <7.6 - Session Hijacking

Title source: llm

Description

IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit this vulnerability to gain access to another user's session. IBM X-Force ID: 118537.

References (2)

[Vendor Advisory] http://www.ibm.com/support/docview.wss?uid=swg21996256

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98023

Scores

CVSS v3 5.6

EPSS 0.0021

EPSS Percentile 42.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-79

Status published

Affected Products (4)

ibm/maximo_asset_management

IBM Corporation/Maximo Asset Management < 7.1, 7.1.1, 7.5, 7.6

Timeline

Published Apr 26, 2017

Tracked Since Feb 18, 2026