PT-2017-12655 · Ibm · Ibm Security Guardium

Chris Shepherd

Publicado

2017-12-20

Atualizado

2018-01-03

CVE-2017-1270

CVSS v3.1

3.3

Baixa

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions IBM Security Guardium version 10.0

Description The issue allows for session fixation or hijacking due to the failure to renew a session variable after successful authentication. This could force a user to utilize a cookie that may be known to an attacker.

Recommendations For IBM Security Guardium version 10.0, consider implementing a session renewal mechanism after successful authentication to prevent session fixation or hijacking. As a temporary workaround, restrict access to sensitive operations that rely on session cookies to minimize the risk of exploitation.

Correção

Session Fixation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-384

Identificadores relacionados

CVE-2017-1270

Produtos afetados

Ibm Security Guardium

PT-2017-12655 · Ibm · Ibm Security Guardium

CVE-2017-1270

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4