How severe is CVE-2018-5438?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2018-5438?

This is classified as CWE-613, which is a common weakness in software security.

CVE-2018-5438 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mode for multiple users and using Windows authentication. This may allow an attacker to gain unauthorized access to patient health information and potentially modify this information.

Related Vulnerabilities

CVE-2017-3966

MEDIUM

CVSS:6.3(Medium)

Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers t...

CWE-6132017

CVE-2020-4253

MEDIUM

CVSS:6.3(Medium)

IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559.

CWE-6132020

CVE-2020-4395

MEDIUM

CVSS:6.3(Medium)

IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358.

CWE-6132020

CVE-2021-20378

MEDIUM

CVSS:6.3(Medium)

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 19570...

CWE-6132021

CVE-2021-20473

MEDIUM

CVSS:6.3(Medium)

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force...

CWE-6132021

CVE-2022-41291

MEDIUM

CVSS:6.3(Medium)

IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699.

CWE-6132022