Vulnerabilities > CVE-2016-0234 - Insufficient Session Expiration vulnerability in IBM Openpages GRC Platform

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

ibm

CWE-613

NVD

Published: 2018-08-30

Updated: 2019-10-09

Summary

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow a local user to obtain sensitive information when a previous user has logged out of the system but neglected to close their browser. IBM X-Force ID: 110303.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Openpages GRC Platform 7.1.0.0 IBM Openpages GRC Platform 7.1.0.1 IBM Openpages GRC Platform 7.1.0.2 IBM Openpages GRC Platform 7.1.0.3 IBM Openpages GRC Platform 7.2.0.0 IBM Openpages GRC Platform 7.2.0.1 IBM Openpages GRC Platform 7.2.0.2 IBM Openpages GRC Platform 7.3.0.0	8

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

http://www-01.ibm.com/support/docview.wss?uid=swg21997687
https://exchange.xforce.ibmcloud.com/vulnerabilities/110303