IBM Security Identity Manager Adapter 7.0.0.1 Remote Code Execution Vulnerability
6 Sep. 2016
Summary
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation.
Vulnerable Systems:
* IBM Security Identity Manager Adapter 7.0.0.0
* IBM Security Identity Manager Adapter 7.0.0.1
* IBM Security Identity Manager Adapter 7.0.0.2
* IBM Security Identity Manager Adapter 7.0.0.3
* IBM Security Identity Manager Adapter 7.0.1.0
* IBM Security Identity Manager Adapter 7.0.1.1
IBM Security Identity Manager Virtual Appliance could allow a local user to take over a previously logged in user due to session expiration not being inforced.