Description

IBM Security Access Manager 9.0.1 through 9.0.6 does not invalidate session tokens in a timely manner. The lack of proper session expiration may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 158515.

Remediation

References

CVE-2019-4152

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1875)

WordPress Plugin WP Google Maps Multiple Cross-Site Scripting Vulnerabilities (8.1.12)

Vanilla Forums Deserialization of Untrusted Data Vulnerability (CVE-2018-19499)

WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.15)

WordPress Plugin Brute Force Login Protection Unspecified Vulnerability (1.5)

Severity

Medium

Classification

CVE-2019-4152 CWE-384 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities