Lucene search

IbmCVE-2013-2997

HistorySep 08, 2013 - 4:55 p.m.

CVE-2013-2997

2013-09-0816:55:06

CWE-264

ibm

web.nvd.nist.gov

ibm

security

appscan

enterprise

before 8.7

session hijack

vulnerability

nvd

CVSS2

1.7

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

44.0%

JSON

IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation.

Affected configurations

Nvd

Node

ibmsecurity_appscanRange≤8.6.0.2-enterprise

ibmsecurity_appscanMatch5.6.0.0-enterprise

ibmsecurity_appscanMatch6.0.0.0-enterprise

ibmsecurity_appscanMatch6.0.1.0-enterprise

ibmsecurity_appscanMatch6.0.2.0-enterprise

ibmsecurity_appscanMatch6.1.1.0-enterprise

ibmsecurity_appscanMatch8.0.0.0-enterprise

ibmsecurity_appscanMatch8.0.0.1-enterprise

ibmsecurity_appscanMatch8.0.0.2-enterprise

ibmsecurity_appscanMatch8.0.1.0-enterprise

ibmsecurity_appscanMatch8.0.1.1-enterprise

ibmsecurity_appscanMatch8.0.11-enterprise

ibmsecurity_appscanMatch8.5.0.0-enterprise

ibmsecurity_appscanMatch8.5.0.1-enterprise

ibmsecurity_appscanMatch8.6.0.0-enterprise

ibmsecurity_appscanMatch8.6.0.1-enterprise

VendorProductVersionCPE
ibmsecurity_appscan*cpe:2.3:a:ibm:security_appscan:*:-:enterprise:*:*:*:*:*
ibmsecurity_appscan5.6.0.0cpe:2.3:a:ibm:security_appscan:5.6.0.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan6.0.0.0cpe:2.3:a:ibm:security_appscan:6.0.0.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan6.0.1.0cpe:2.3:a:ibm:security_appscan:6.0.1.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan6.0.2.0cpe:2.3:a:ibm:security_appscan:6.0.2.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan6.1.1.0cpe:2.3:a:ibm:security_appscan:6.1.1.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.0.0cpe:2.3:a:ibm:security_appscan:8.0.0.0:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.0.1cpe:2.3:a:ibm:security_appscan:8.0.0.1:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.0.2cpe:2.3:a:ibm:security_appscan:8.0.0.2:-:enterprise:*:*:*:*:*
ibmsecurity_appscan8.0.1.0cpe:2.3:a:ibm:security_appscan:8.0.1.0:-:enterprise:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_appscan	*	cpe:2.3:a:ibm:security_appscan::-:enterprise:::::
ibm	security_appscan	5.6.0.0	cpe:2.3:a:ibm:security_appscan:5.6.0.0:-:enterprise:::::*
ibm	security_appscan	6.0.0.0	cpe:2.3:a:ibm:security_appscan:6.0.0.0:-:enterprise:::::*
ibm	security_appscan	6.0.1.0	cpe:2.3:a:ibm:security_appscan:6.0.1.0:-:enterprise:::::*
ibm	security_appscan	6.0.2.0	cpe:2.3:a:ibm:security_appscan:6.0.2.0:-:enterprise:::::*
ibm	security_appscan	6.1.1.0	cpe:2.3:a:ibm:security_appscan:6.1.1.0:-:enterprise:::::*
ibm	security_appscan	8.0.0.0	cpe:2.3:a:ibm:security_appscan:8.0.0.0:-:enterprise:::::*
ibm	security_appscan	8.0.0.1	cpe:2.3:a:ibm:security_appscan:8.0.0.1:-:enterprise:::::*
ibm	security_appscan	8.0.0.2	cpe:2.3:a:ibm:security_appscan:8.0.0.2:-:enterprise:::::*
ibm	security_appscan	8.0.1.0	cpe:2.3:a:ibm:security_appscan:8.0.1.0:-:enterprise:::::*

Rows per page:

1-10 of 161

References

www-01.ibm.com/support/docview.wss?uid=swg21640352

exchange.xforce.ibmcloud.com/vulnerabilities/84066

CVSS2

1.7

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

44.0%

JSON

Related for CVE-2013-2997