CVE-2019-4439

IBM Cloud Private 3.1.0, 3.1.1, and 3.1.2 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 162949.

Published : 2019-07-25 15:15 Updated : 2019-10-09 23:50

4.6
CVSS Score More info
Score 4.6 / 10
4.6
Vendor Product Version URI
Ibm Cloud Private 3.1.0 cpe:/a:ibm:cloud_private:3.1.0
Ibm Cloud Private 3.1.1 cpe:/a:ibm:cloud_private:3.1.1
Ibm Cloud Private 3.1.2 cpe:/a:ibm:cloud_private:3.1.2
  1. Ibm (1) Search CVE
    1. Cloud Private (3) Search CVE
      1. 3.1.0
      2. 3.1.1
      3. 3.1.2

CWE

ID Name Description Links
CWE-384 Session Fixation Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. CVE

History of changes

Date Event
2019-07-26 13:56
2019-07-25 15:15

New CVE