IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:LIBM Transformation Extender Advanced
APPIbm10.0.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References
Related vulnerabilities
CVE-2023-49886CRITICAL9.8PL ✓ten sam produkt
RCE przez niebezpieczną deserializację Java w IBM Standards Processing Engine
CVE-2017-1758HIGH7.1ten sam produkt
IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Fin...
CVE-2023-49883MEDIUM5.9ten sam produkt
IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by ...
CVE-2023-50300MEDIUM5.1ten sam produkt
IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due t...
CVE-2021-29883MEDIUM4.3ten sam produkt
IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure at...