CVE-2018-1375

Name of the Vulnerable Software and Affected Versions IBM Security Guardium Big Data Intelligence (SonarG) version 3.1

Description The issue arises because the session variable is not renewed after a successful authentication, potentially leading to session fixation or hijacking. This could force a user to utilize a cookie that may be known to an attacker.

Recommendations For IBM Security Guardium Big Data Intelligence (SonarG) version 3.1, consider implementing a session renewal mechanism after successful authentication to prevent session fixation or hijacking. As a temporary workaround, restrict access to sensitive areas of the application that rely on session variables until a proper fix is applied.