Vulnerabilities > CVE-2023-50936 - Insufficient Session Expiration vulnerability in IBM Powersc 1.3/2.0/2.1

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

ibm

CWE-613

NVD

Published: 2024-02-02

Updated: 2024-02-02

Summary

IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Powersc 2.0 IBM Powersc 2.1 IBM Powersc 1.3	3

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://www.ibm.com/support/pages/node/7113759
https://exchange.xforce.ibmcloud.com/vulnerabilities/275116