Description

IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.

Remediation

References

CVE-2019-4152

Related Vulnerabilities

Liferay Portal Missing Authorization Vulnerability (CVE-2022-38512)

Oracle Application Server CVE-2009-1011 Vulnerability (CVE-2009-1011)

Oracle Application Server Other Vulnerability (CVE-2007-0283)

OpenSSL Other Vulnerability (CVE-2003-0131)

WordPress Plugin WP eCommerce 'cart_messages[]' Parameter Cross-Site Scripting (3.8.6)

Severity

Medium

Classification

CVE-2019-4152 CWE-384 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities