Auth bypass in Novell Imanager

CVE-2013-3268

Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors.

Vulnerability class: Broken Authentication

EPSS: 0.002 (37.5th percentile) — read the EPSS interpretation.

Affected products

Novell Imanager — versions 2.7, 2.7.0, 2.7.1
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

cve@mitre.org (x_refsource_CONFIRM)
novell-imanager-cve20133268-unspec(83761) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_CONFIRM)
59450 (vdb-entry, x_refsource_BID)