PT-2017-9715 · Red Hat+1 · Ipsilon+2
Howard Johnson · Published 2016-11-21 · Updated 2023-02-12
CVE-2016-8638
| CVSS v3.1 | 9.1 (Critical) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
ipsilon versions 1.0 through 1.0.2
ipsilon versions 1.1 through 1.1.1
ipsilon versions 1.2 through 1.2.0
ipsilon versions 2.0 through 2.0.1
Description
An issue was found that allows an attacker to log out the active sessions of other users. It stems from how Ipsilon tracks sessions and allows an unauthenticated attacker to view and terminate other users' active sessions. It is also referred to as the "SAML2 multi-session" issue.
Recommendations
For ipsilon versions 1.0 through 1.0.2, update to version 1.0.3 or later.
For ipsilon versions 1.1 through 1.1.1, update to version 1.1.2 or later.
For ipsilon versions 1.2 through 1.2.0, update to version 1.2.1 or later.
For ipsilon versions 2.0 through 2.0.1, update to version 2.0.2 or later.
Fix
Session Fixation
Weakness Enumeration
Related Identifiers
Affected Products
Centos
Red Hat
Ipsilon