IBM WebSphere eXtreme Scale Session Hijacking Vulnerabilities

Summary

Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier.

Credit:

The information has been provided by IBM.


Details

Vulnerable Systems:
 * IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1

Immune Systems:
 * IBM WebSphere eXtreme Scale 7.1.0 after 7.1.0.3 and 7.1.1 after 7.1.1.1

IBM WebSphere eXtreme Scale is prone to a session-hijacking vulnerability. An attacker can exploit this issue to hijack another user’s session and gain unauthorized access to the victim’s account on the affected application.

CVE Information:
CVE-2015-2029

Disclosure Timeline:
Original release date: 10/03/2015
Last revised: 10/05/2015
