IBM Cloud Automation Manager Session Fixation Vulnerability
CVEID:CVE-2019-4617
**DESCRIPTION:**IBM Cloud Automation Manager does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168645 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Automation Manager | 3.2.1.0 |
Upgrade to IBM Cloud Automation Manager 3.2.1.1 or newer.
None