CVE Vulnerabilities

CVE-2024-45651

Insufficient Session Expiration

Published: Apr 18, 2025 | Modified: Apr 18, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

IBM Sterling Connect:Direct Web Services 6.1.0, 6.2.0, and 6.3.0

does not invalidate session after a browser closure which could allow an authenticated user to impersonate another user on the system.

Weakness 

According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”

Potential Mitigations 

References