CVE-2024-45651

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-613
View all →

Vulnerability Description

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0 does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.

Related Vulnerabilities

CVE-2017-3966

MEDIUM
CVSS:6.3(Medium)

Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers t...

CWE-6132017

CVE-2018-5438

MEDIUM
CVSS:6.3(Medium)

Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists...

CWE-6132018

CVE-2020-4253

MEDIUM
CVSS:6.3(Medium)

IBM Content Navigator 3.0CD does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 175559.

CWE-6132020

CVE-2020-4395

MEDIUM
CVSS:6.3(Medium)

IBM Security Access Manager Appliance 9.0.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 179358.

CWE-6132020

CVE-2021-20378

MEDIUM
CVSS:6.3(Medium)

IBM Guardium Data Encryption (GDE) 3.0.0.2 and 4.0.0.4 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 19570...

CWE-6132021

CVE-2021-20473

MEDIUM
CVSS:6.3(Medium)

IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force...

CWE-6132021