CVE-2016-0315

Published: Jul 8, 2016Modified: May 6, 2026

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 maintain session ID validity after a logout action, which allows remote authenticated users to hijack sessions by leveraging an unattended workstation.

Affected (5)

Products: Ibm: Jazz Reporting Service

Ibm

1 product

Jazz Reporting Service

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Ibm Jazz Reporting Service	Version 5.0.1
Ibm Jazz Reporting Service	Version 5.0.2
Ibm Jazz Reporting Service	Version 5.0
Ibm Jazz Reporting Service	Version 6.0.1
Ibm Jazz Reporting Service	Version 6.0

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

http://www-01.ibm.com/support/docview.wss?uid=swg21983147

Source: psirt@us.ibm.com

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21983147

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.