Vulnerability Details CVE-2017-1270
IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie that may be known to an attacker. IBM X-Force ID: 124745.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.6%
CVSS Severity
CVSS v3 Score 3.3
CVSS v2 Score 2.1
References
Products affected by CVE-2017-1270
-
cpe:2.3:a:ibm:security_guardium:10.0
-
cpe:2.3:a:ibm:security_guardium:10.0.1
-
cpe:2.3:a:ibm:security_guardium:10.1.0
-
cpe:2.3:a:ibm:security_guardium:10.1.2
-
cpe:2.3:a:ibm:security_guardium:10.1.3