CVE-2008-4294

Name of the Vulnerable Software and Affected Versions: IBM Tivoli Netcool/Webtop versions 2.1 through 2.1.0.4

Description: The issue allows physically proximate attackers to hijack a session by visiting an unattended workstation, because cached user privileges are preserved after logout. This can be demonstrated by a root session that remains valid after a subsequent read-only session has begun.

Recommendations: For IBM Tivoli Netcool/Webtop versions 2.1 through 2.1.0.4, update to version 2.1.0.5 or later to resolve the issue.