Lucene search
HistoryMay 03, 2024 - 7:15 p.m.
CVE-2023-40695
ibm cognos controller
session invalidation
authenticated user impersonation
ibm x-force id
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 264938.
Related
vulnrichment
vulnrichment
CVE-2023-40695 IBM Cognos Controller session fixation
2024-05-03 18:18:46
cvelist
cvelist
CVE-2023-40695 IBM Cognos Controller session fixation
2024-05-03 18:18:46
cve
cve
CVE-2023-40695
2024-05-03 19:15:07
ibm
ibm
Security Bulletin: IBM Controller has addressed multiple vulnerabilities
2024-05-01 21:46:16
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AI Score
6.3
Confidence
High
EPSS
0
Percentile
9.0%
Related for NVD:CVE-2023-40695