IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI. IBM X-Force ID: 176334.
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Security_information_queue | Ibm | 1.0.0 (including) | 1.0.0 (including) |
Security_information_queue | Ibm | 1.0.1 (including) | 1.0.1 (including) |
Security_information_queue | Ibm | 1.0.2 (including) | 1.0.2 (including) |
Security_information_queue | Ibm | 1.0.3 (including) | 1.0.3 (including) |
Security_information_queue | Ibm | 1.0.4 (including) | 1.0.4 (including) |
Security_information_queue | Ibm | 1.0.5 (including) | 1.0.5 (including) |
Such a scenario is commonly observed when: