IBM InfoSphere Information Server Lets Remote Authenticated Users Hijack the Target User's Session
|
SecurityTracker Alert ID: 1035125 |
SecurityTracker URL: http://securitytracker.com/id/1035125
|
CVE Reference:
CVE-2015-7450, CVE-2015-7490
|
Date: Mar 1 2016
|
Impact:
User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 8.5, 8.7, 9.1, 11.3, 11.5
|
Description:
A vulnerability was reported in IBM InfoSphere Information Server. A remote authenticated user can hijack the target user's session.
A remote authenticated user can change the user cookie to a target user's cookie value to hijack the target user's session.
|
Impact:
A remote authenticated user can hijack the target user's session.
|
Solution:
IBM has issued a fix (APAR JR54787).
The IBM advisory is available at:
https://www-304.ibm.com/support/docview.wss?uid=swg21975827
|
Vendor URL: www-304.ibm.com/support/docview.wss?uid=swg21975827
|
Cause:
Access control error
|
Underlying OS: Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)
|
Message History:
None.