Session Expiry not enforced by default in IBM QRadar SIEM
CVE-ID: CVE-2015-2005 **
Description:IBM QRadar SIEM could allow a local user to obtain sensitive information due to session expiration not being enforced. A user on the machine could obtain information from the browser from a previous session. **
CVSS Base Score: 2.1**
CVSS Temporal Score:** See https://exchange.xforce.ibmcloud.com/vulnerabilities/103912 for the current score**
CVSS Environmental Score:** Undefined*
CVSS Vector:** AV:L/AC:L/Au:N/C:P/I:N/A:N
ยท IBM QRadar SIEM 7.2.n
ยท IBM QRadar SIEM 7.1.n
ยท IBM QRadar/QRM/QVM/QRIF 7.2.5 Patch 6
ยท IBM QRadar SIEM 7.1 MR2 Patch 12
Session Inactivity timeout can be set in the system settings in the QRadar admin panel.