PT-2017-9715 · Red Hat+1 · Ipsilon+2

Howard Johnson

Published: 2016-11-21 · Updated: 2023-02-12 · CVE-2016-8638

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ipsilon versions 1.0 through 1.0.2
ipsilon versions 1.1 through 1.1.1
ipsilon versions 1.2 through 1.2.0
ipsilon versions 2.0 through 2.0.1

Description

An issue was found that allows an attacker to log out active sessions of other users. It is related to how ipsilon tracks sessions, and it allows an unauthenticated attacker to view and terminate active sessions of other users. It is also referred to as a "SAML2 multi-session" issue.

Recommendations

For ipsilon versions 1.0 through 1.0.2, update to version 1.0.3 or later.
For ipsilon versions 1.1 through 1.1.1, update to version 1.1.2 or later.
For ipsilon versions 1.2 through 1.2.0, update to version 1.2.1 or later.
For ipsilon versions 2.0 through 2.0.1, update to version 2.0.2 or later.

Fix

Session Fixation

Weakness Enumeration

Related Identifiers

CESA-2016_2809
CVE-2016-8638
GHSA-376M-3RM2-9JM6
RHSA-2016:2809
RHSA-2016_2809

Affected Products

CentOS
Red Hat
Ipsilon