CVE-2024-49344

MEDIUM Year: 2024
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-384
View all →

Vulnerability Description

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages with Watson Assistant chat feature enabled the application establishes a session when a user logs in and uses chat, but the chat session is still left active after logout.

Related Vulnerabilities

CVE-2017-1152

MEDIUM
CVSS:4.3(Medium)

IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly update the SESSIONID with each request, which could allow a user to obtain the ID in further attacks against the system. IBM X-Force...

CWE-3842017

CVE-2018-1485

MEDIUM
CVSS:4.3(Medium)

IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This co...

CWE-3842018

CVE-2018-1626

MEDIUM
CVSS:4.3(Medium)

IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This ...

CWE-3842018

CVE-2018-1948

MEDIUM
CVSS:4.3(Medium)

IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the c...

CWE-3842018

CVE-2021-38869

MEDIUM
CVSS:4.3(Medium)

IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341.

CWE-3842021

CVE-2022-1849

MEDIUM
CVSS:4.3(Medium)

Session Fixation in GitHub repository filegator/filegator prior to 7.8.0.

CWE-3842022