CVE-2023-26288

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-613
View all →

Vulnerability Description

IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477.

Related Vulnerabilities

CVE-2020-23136

MEDIUM
CVSS:5.5(Medium)

Microweber v1.1.18 is affected by no session expiry after log-out.

CWE-6132020

CVE-2020-4914

MEDIUM
CVSS:5.5(Medium)

IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.

CWE-6132020

CVE-2022-34392

MEDIUM
CVSS:5.5(Medium)

SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration Vulnerability. An authenticated non-admin user can be able to obtain the refresh token and that leads ...

CWE-6132022

CVE-2022-38707

MEDIUM
CVSS:5.5(Medium)

IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.

CWE-6132022

CVE-2024-1900

MEDIUM
CVSS:5.5(Medium)

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after...

CWE-6132024

CVE-2017-14007

MEDIUM
CVSS:5.6(Medium)

An Insufficient Session Expiration issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The user's session is available for an extended period beyond the last activity, allowing ...

CWE-6132017